Behavioral task: behavioral1
Sample: 21321c6c778a1b14c25f561224e4e237e99f849ff067b8a40019efaafc22a65b.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 21321c6c778a1b14c25f561224e4e237e99f849ff067b8a40019efaafc22a65b.exe
Resource: win10v2004-20240419-en
General
- Target: 21321c6c778a1b14c25f561224e4e237e99f849ff067b8a40019efaafc22a65b
- Size: 3.5MB
- MD5: 3546c105867665ca8daa696477fb2461
- SHA1: c7c72b78c8877d612f1ec44c6818e009f546a3c0
- SHA256: 21321c6c778a1b14c25f561224e4e237e99f849ff067b8a40019efaafc22a65b
- SHA512: 20e468a30c988a6b906d8b8d76ab9cee91013050ee53c2ad4e9acfd9edb9af787e0b922d2e05cf63f542ffda875fbc170f4de0c0da57d3dd2da2e48ba8a334f8
- SSDEEP: 49152:ng+/9/fLPelCKo9/T1mevyjSMEvcDWKTCR/BOzIApvu0bdXYi7/tJYMma:geVje0lUvYRJOzI0LV1t2Mm
Malware Config
Signatures
- Gh0st RAT payload (1 IoCs)
  resource: sample, yara_rule: family_gh0strat
- Gh0strat family
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 21321c6c778a1b14c25f561224e4e237e99f849ff067b8a40019efaafc22a65b
Files
- 21321c6c778a1b14c25f561224e4e237e99f849ff067b8a40019efaafc22a65b.exe (windows:4, windows x86, arch:x86)
  76b8611d83b9082bab66bfb7771311bc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathIsDirectoryA
PathRemoveFileSpecA
SHAutoComplete
kernel32
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
LCMapStringW
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
SetUnhandledExceptionFilter
GetProfileStringA
LCMapStringA
IsValidLocale
InitializeCriticalSection
IsBadWritePtr
HeapCreate
lstrcatA
GetProcAddress
LoadLibraryA
DeleteCriticalSection
HeapDestroy
GetEnvironmentVariableA
HeapSize
HeapReAlloc
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
TerminateProcess
CloseHandle
TerminateThread
Sleep
GetTickCount
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CreateEventA
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
WriteFile
SetFilePointer
CreateFileA
lstrcmpA
lstrlenA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetFileAttributesA
GetModuleFileNameA
GetFileSize
ReadFile
DeleteFileA
MoveFileA
GetLastError
CreateDirectoryA
lstrcpyA
GetModuleHandleA
ExitProcess
GetCommandLineA
GetStartupInfoA
ExitThread
RaiseException
HeapAlloc
HeapFree
RtlUnwind
SetErrorMode
InterlockedExchange
VirtualFree
VirtualAlloc
PostQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
InterlockedDecrement
GetQueuedCompletionStatus
CancelIo
LocalSize
GetPrivateProfileStringA
GetPrivateProfileIntA
SystemTimeToFileTime
LocalFileTimeToFileTime
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
GetCurrentThread
MulDiv
SetLastError
FormatMessageA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LockResource
LocalReAlloc
GetVersionExA
FreeLibrary
FindResourceA
LoadResource
SizeofResource
GetVersion
WritePrivateProfileStringA
UnhandledExceptionFilter
user32
RegisterClipboardFormatA
GetNextDlgGroupItem
CopyAcceleratorTableA
LockWindowUpdate
GetDCEx
GetSysColorBrush
GetClassNameA
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
TranslateAcceleratorA
LoadAcceleratorsA
MapDialogRect
SetWindowContextHelpId
ValidateRect
PostQuitMessage
SetCursorPos
LoadStringA
wvsprintfA
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
DestroyMenu
CharUpperA
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
GetFocus
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
GetScrollInfo
SetScrollInfo
GetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
IntersectRect
LoadIconA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetActiveWindow
SetParent
LoadBitmapA
GetWindowDC
SetWindowRgn
IsZoomed
SetMenu
GetDesktopWindow
CopyIcon
PtInRect
SetRectEmpty
DrawFrameControl
GetCursor
DestroyCursor
GetClassInfoA
DefWindowProcA
SetMenuDefaultItem
SetForegroundWindow
TrackPopupMenu
GetMenuItemID
IsWindow
MessageBeep
OffsetRect
RedrawWindow
InflateRect
FindWindowA
DestroyIcon
LoadImageA
CharNextA
LoadMenuA
GetSubMenu
GetCursorPos
DeleteMenu
LoadCursorA
ClipCursor
SetClassLongA
ReleaseDC
SendMessageTimeoutA
GetDC
CheckMenuRadioItem
AppendMenuA
GetSystemMenu
SendMessageA
GetMenuState
SetWindowLongA
GetClientRect
ShowOwnedPopups
GetWindowRect
GetSystemMetrics
GetWindowLongA
GetKeyState
DrawIconEx
ShowScrollBar
GetScrollBarInfo
PostThreadMessageA
GetPropA
EnableMenuItem
CheckMenuItem
DrawTextA
PostMessageA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
SystemParametersInfoA
EnableWindow
DispatchMessageA
TranslateMessage
GetMenuItemCount
MessageBoxA
wsprintfA
GetDlgCtrlID
SetWindowPos
GetParent
ReleaseCapture
ClientToScreen
WindowFromPoint
UpdateWindow
ScreenToClient
SetCursor
SetCapture
GetWindow
SetTimer
CreateMenu
GetMenuStringA
InsertMenuA
KillTimer
SetRect
IsWindowVisible
FillRect
GetSysColor
InvalidateRect
GetMessageA
gdi32
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
CreateRectRgn
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
ScaleViewportExtEx
PtVisible
RectVisible
Escape
GetTextExtentPoint32A
GetTextMetricsA
GetCharWidthA
CreateFontA
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
LPtoDP
GetTextColor
GetBkColor
PatBlt
CreateRectRgnIndirect
PtInRegion
CreateFontIndirectA
GetPixel
Rectangle
PlgBlt
CreateBitmap
FillRgn
CreatePolygonRgn
GetObjectA
SetBkMode
TextOutA
CreatePen
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
RestoreDC
SaveDC
CreatePatternBrush
GetClipBox
SetBkColor
SetTextColor
ExtTextOutA
SetStretchBltMode
CreateDIBitmap
StretchBlt
StretchDIBits
DeleteObject
DeleteDC
SelectObject
CreateDIBSection
GetTextExtentPointA
CreateCompatibleDC
comdlg32
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegDeleteValueA
InitializeSecurityDescriptor
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
SetFileSecurityA
GetFileSecurityA
RegOpenKeyExA
RegSetValueA
RegCreateKeyA
SetSecurityDescriptorDacl
RegSetValueExA
RegCreateKeyExA
shell32
ShellExecuteA
DragQueryFileA
DragFinish
ExtractIconA
Shell_NotifyIconA
SHAppBarMessage
SHBrowseForFolderA
SHGetPathFromIDListA
ord71
SHGetFileInfoA
comctl32
ImageList_Create
ImageList_Destroy
ord17
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_AddMasked
oledlg
ord8
ole32
CoInitialize
CoUninitialize
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
CLSIDFromProgID
OleIsCurrentClipboard
olepro32
ord253
oleaut32
SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
skinh
SkinH_SetAero
SkinH_AttachRes
ws2_32
WSACreateEvent
WSASocketA
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAGetLastError
accept
socket
WSARecv
WSASend
WSACloseEvent
WSAIoctl
select
connect
gethostbyname
ioctlsocket
bind
listen
WSAEventSelect
inet_ntoa
getpeername
closesocket
ntohs
getsockname
shutdown
setsockopt
WSAStartup
WSACleanup
htons
avifil32
AVIFileInit
AVIFileExit
AVIStreamSetFormat
AVIMakeCompressedStream
AVIFileOpenA
AVIStreamWrite
AVIFileRelease
AVIStreamRelease
AVISaveOptionsFree
AVISaveOptions
AVIFileCreateStreamA
msvfw32
ord2
DrawDibDraw
DrawDibOpen
DrawDibClose
imm32
ImmAssociateContext
winmm
waveOutUnprepareHeader
waveOutReset
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveOutClose
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
Sections
- .text: Size: 960KB - Virtual size: 957KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rodata: Size: 12KB - Virtual size: 11KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rotext: Size: 108KB - Virtual size: 107KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: Size: 228KB - Virtual size: 225KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: Size: 2.0MB - Virtual size: 2.5MB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size: 180KB - Virtual size: 176KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ