gh0strat | 8dd5ea03f0630a88cb5a0fb887f91e6d033214fbf2a66d034b49bd21f29f99a7

Sharing

Copy URL

Twitter E-mail

General

Target

8dd5ea03f0630a88cb5a0fb887f91e6d033214fbf2a66d034b49bd21f29f99a7
Size

336KB
MD5

0d849e9a97bdb2c96d28b52a6f4588c1
SHA1

3ec2457a51f498b9399c5f2c391da0620e9d4cdf
SHA256

8dd5ea03f0630a88cb5a0fb887f91e6d033214fbf2a66d034b49bd21f29f99a7
SHA512

11be26c62eb9ae47f3140845d0f125816adf6e129e7e233edcbc1ece14d2212b8c0e7caf912e99f24b5a94421512a2c7a1e9e0897b59316b93498491133ccb56
SSDEEP

1536:yioiq7E9oZuTsenhY8kwtuwL7hSm1Rh+wIOdnToIfAUfekGHETKw:KiqTesEY8mwnhS1mVTBfAUfaHETv

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

Processes:

resource yara_rule

sample family_gh0strat
Gh0strat family
gh0strat

resource	yara_rule
sample	family_gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
8dd5ea03f0630a88cb5a0fb887f91e6d033214fbf2a66d034b49bd21f29f99a7

Files

8dd5ea03f0630a88cb5a0fb887f91e6d033214fbf2a66d034b49bd21f29f99a7
.exe windows:4 windows x86 arch:x86

096944358bd274221a9df990c5133311

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord796
ord674
ord554
ord529
ord366
ord825
ord807
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord860
ord800
ord540
ord5572
ord2915
ord2818
ord858
ord2614
ord2863
ord1175
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord815
ord561
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord5012
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord5241
ord5280
ord4441
ord5261
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord1841
ord4241
ord4589
ord4588
ord4899
ord4370
ord4892
ord4533
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord2091
ord4432
ord5290
ord3402
ord3610
ord656
ord567
ord364
ord784
ord2370
ord2302
ord5260
ord924
ord1168
ord5677
ord3495
ord4720
ord6334
ord1979
ord5442
ord3318
ord665
ord5186
ord354
ord6385
ord6199
ord535
ord3177
ord3499
ord2515
ord355
ord537
ord4277
ord3350
ord4303
ord4467
ord5103
ord5100
ord3059
ord2390
ord2723
ord4242
ord1842
ord2621
ord823

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_CxxThrowException
_mbsicmp
__CxxFrameHandler

kernel32

GetPrivateProfileStringA
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualFree
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetPrivateProfileIntA

user32

InsertMenuA
RemoveMenu
GetSubMenu
GetMenu
UpdateWindow
EnableWindow
MessageBoxA
SendMessageA

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

096944358bd274221a9df990c5133311

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 296KB - Virtual size: 296KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 296KB - Virtual size: 296KB

.rsrc
Size: 12KB - Virtual size: 8KB