gh0strat | 29d9ef3a1ce92e9edaf44778fac82f55caf5a9f0debb7cfe1e912eef06004f89

General

Target

29d9ef3a1ce92e9edaf44778fac82f55caf5a9f0debb7cfe1e912eef06004f89
Size

141KB
MD5

29fc8171161e1bd4643ad2fed3c36c9d
SHA1

2edb1e34233c584b5166523239bc5aba35b4da76
SHA256

29d9ef3a1ce92e9edaf44778fac82f55caf5a9f0debb7cfe1e912eef06004f89
SHA512

54f9ceaeb35d7c5c6f1b6077651dd3b47764019e9d53785455781ab69527d4607e4c95b7cc97db351b71af79284c508f6164a8db985c94110d4adcbf0cff295d
SSDEEP

3072:q3OtzDO0VJ48uynILuZZNcjFBpL8jemdbvcBDw:q30zDO0V1BzNU5qvcBDw

Score

10^/10

gh0strat

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack001/ad08c24d3572900d3e31a50f7f6aba04fc55896d83787853621decf2d97f2d9d.exe	family_gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ad08c24d3572900d3e31a50f7f6aba04fc55896d83787853621decf2d97f2d9d.exe

29d9ef3a1ce92e9edaf44778fac82f55caf5a9f0debb7cfe1e912eef06004f89
.zip

Password: infected
ad08c24d3572900d3e31a50f7f6aba04fc55896d83787853621decf2d97f2d9d.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ