gh0strat | 28fa1b825e4d108ac1006ff7e11073e706bd965c81f3cd6991036e1ef85950e5

Sharing

Copy URL Twitter E-mail

General

Target

28fa1b825e4d108ac1006ff7e11073e706bd965c81f3cd6991036e1ef85950e5
Size

3.5MB
MD5

fbc5ef5f492884f76c98bb2507078289
SHA1

f4c58ad48e8bf297c1ac8583513cf642436eae31
SHA256

28fa1b825e4d108ac1006ff7e11073e706bd965c81f3cd6991036e1ef85950e5
SHA512

b75b4d933be76ffc3c92f24938efd5be62ad7a45f72231a0ea59122a5c893a1c5f007b5181d0290a97c3b83f3e050c35270bccea7e84aeec2d2439b477e60dd3
SSDEEP

49152:Ng+/9/fLPelCKo9/T1mevyjSMEvcDWKTCR/BOzIApvu0bdXYi7/tJYMwt:KeVje0lUvYRJOzI0LV1t2Mwt

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28fa1b825e4d108ac1006ff7e11073e706bd965c81f3cd6991036e1ef85950e5

Files

28fa1b825e4d108ac1006ff7e11073e706bd965c81f3cd6991036e1ef85950e5
.exe windows:4 windows x86 arch:x86

76b8611d83b9082bab66bfb7771311bc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsDirectoryA
PathRemoveFileSpecA
SHAutoComplete

kernel32

FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
LCMapStringW
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
SetUnhandledExceptionFilter
GetProfileStringA
LCMapStringA
IsValidLocale
InitializeCriticalSection
IsBadWritePtr
HeapCreate
lstrcatA
GetProcAddress
LoadLibraryA
DeleteCriticalSection
HeapDestroy
GetEnvironmentVariableA
HeapSize
HeapReAlloc
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
TerminateProcess
CloseHandle
TerminateThread
Sleep
GetTickCount
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CreateEventA
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
WriteFile
SetFilePointer
CreateFileA
lstrcmpA
lstrlenA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetFileAttributesA
GetModuleFileNameA
GetFileSize
ReadFile
DeleteFileA
MoveFileA
GetLastError
CreateDirectoryA
lstrcpyA
GetModuleHandleA
ExitProcess
GetCommandLineA
GetStartupInfoA
ExitThread
RaiseException
HeapAlloc
HeapFree
RtlUnwind
SetErrorMode
InterlockedExchange
VirtualFree
VirtualAlloc
PostQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
InterlockedDecrement
GetQueuedCompletionStatus
CancelIo
LocalSize
GetPrivateProfileStringA
GetPrivateProfileIntA
SystemTimeToFileTime
LocalFileTimeToFileTime
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
GetCurrentThread
MulDiv
SetLastError
FormatMessageA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LockResource
LocalReAlloc
GetVersionExA
FreeLibrary
FindResourceA
LoadResource
SizeofResource
GetVersion
WritePrivateProfileStringA
UnhandledExceptionFilter

user32

RegisterClipboardFormatA
GetNextDlgGroupItem
CopyAcceleratorTableA
LockWindowUpdate
GetDCEx
GetSysColorBrush
GetClassNameA
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
TranslateAcceleratorA
LoadAcceleratorsA
MapDialogRect
SetWindowContextHelpId
ValidateRect
PostQuitMessage
SetCursorPos
LoadStringA
wvsprintfA
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
DestroyMenu
CharUpperA
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
GetFocus
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
GetScrollInfo
SetScrollInfo
GetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
IntersectRect
LoadIconA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetActiveWindow
SetParent
LoadBitmapA
GetWindowDC
SetWindowRgn
IsZoomed
SetMenu
GetDesktopWindow
CopyIcon
PtInRect
SetRectEmpty
DrawFrameControl
GetCursor
DestroyCursor
GetClassInfoA
DefWindowProcA
SetMenuDefaultItem
SetForegroundWindow
TrackPopupMenu
GetMenuItemID
IsWindow
MessageBeep
OffsetRect
RedrawWindow
InflateRect
FindWindowA
DestroyIcon
LoadImageA
CharNextA
LoadMenuA
GetSubMenu
GetCursorPos
DeleteMenu
LoadCursorA
ClipCursor
SetClassLongA
ReleaseDC
SendMessageTimeoutA
GetDC
CheckMenuRadioItem
AppendMenuA
GetSystemMenu
SendMessageA
GetMenuState
SetWindowLongA
GetClientRect
ShowOwnedPopups
GetWindowRect
GetSystemMetrics
GetWindowLongA
GetKeyState
DrawIconEx
ShowScrollBar
GetScrollBarInfo
PostThreadMessageA
GetPropA
EnableMenuItem
CheckMenuItem
DrawTextA
PostMessageA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
SystemParametersInfoA
EnableWindow
DispatchMessageA
TranslateMessage
GetMenuItemCount
MessageBoxA
wsprintfA
GetDlgCtrlID
SetWindowPos
GetParent
ReleaseCapture
ClientToScreen
WindowFromPoint
UpdateWindow
ScreenToClient
SetCursor
SetCapture
GetWindow
SetTimer
CreateMenu
GetMenuStringA
InsertMenuA
KillTimer
SetRect
IsWindowVisible
FillRect
GetSysColor
InvalidateRect
GetMessageA

gdi32

SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
CreateRectRgn
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
ScaleViewportExtEx
PtVisible
RectVisible
Escape
GetTextExtentPoint32A
GetTextMetricsA
GetCharWidthA
CreateFontA
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
LPtoDP
GetTextColor
GetBkColor
PatBlt
CreateRectRgnIndirect
PtInRegion
CreateFontIndirectA
GetPixel
Rectangle
PlgBlt
CreateBitmap
FillRgn
CreatePolygonRgn
GetObjectA
SetBkMode
TextOutA
CreatePen
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
RestoreDC
SaveDC
CreatePatternBrush
GetClipBox
SetBkColor
SetTextColor
ExtTextOutA
SetStretchBltMode
CreateDIBitmap
StretchBlt
StretchDIBits
DeleteObject
DeleteDC
SelectObject
CreateDIBSection
GetTextExtentPointA
CreateCompatibleDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegDeleteValueA
InitializeSecurityDescriptor
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
SetFileSecurityA
GetFileSecurityA
RegOpenKeyExA
RegSetValueA
RegCreateKeyA
SetSecurityDescriptorDacl
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA
DragQueryFileA
DragFinish
ExtractIconA
Shell_NotifyIconA
SHAppBarMessage
SHBrowseForFolderA
SHGetPathFromIDListA
ord71
SHGetFileInfoA

comctl32

ImageList_Create
ImageList_Destroy
ord17
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_AddMasked

oledlg

ord8

ole32

CoInitialize
CoUninitialize
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
CLSIDFromProgID
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen

skinh

SkinH_SetAero
SkinH_AttachRes

ws2_32

WSACreateEvent
WSASocketA
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAGetLastError
accept
socket
WSARecv
WSASend
WSACloseEvent
WSAIoctl
select
connect
gethostbyname
ioctlsocket
bind
listen
WSAEventSelect
inet_ntoa
getpeername
closesocket
ntohs
getsockname
shutdown
setsockopt
WSAStartup
WSACleanup
htons

avifil32

AVIFileInit
AVIFileExit
AVIStreamSetFormat
AVIMakeCompressedStream
AVIFileOpenA
AVIStreamWrite
AVIFileRelease
AVIStreamRelease
AVISaveOptionsFree
AVISaveOptions
AVIFileCreateStreamA

msvfw32

ord2
DrawDibDraw
DrawDibOpen
DrawDibClose

imm32

ImmAssociateContext

winmm

waveOutUnprepareHeader
waveOutReset
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveOutClose
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose

Sections

.text
Size: 960KB - Virtual size: 957KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.0MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76b8611d83b9082bab66bfb7771311bc

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

skinh

ws2_32

avifil32

msvfw32

imm32

winmm

Sections

.text Size: 960KB - Virtual size: 957KB

.rodata Size: 12KB - Virtual size: 11KB

.rotext Size: 108KB - Virtual size: 107KB

.rdata Size: 228KB - Virtual size: 225KB

.data Size: 2.0MB - Virtual size: 2.5MB

.rsrc Size: 180KB - Virtual size: 177KB

.text
Size: 960KB - Virtual size: 957KB

.rodata
Size: 12KB - Virtual size: 11KB

.rotext
Size: 108KB - Virtual size: 107KB

.rdata
Size: 228KB - Virtual size: 225KB

.data
Size: 2.0MB - Virtual size: 2.5MB

.rsrc
Size: 180KB - Virtual size: 177KB