gh0strat | ff4ce281f4c7733a371e26eeadecdfd0N

Sharing

Copy URL Twitter E-mail

General

Target

ff4ce281f4c7733a371e26eeadecdfd0N
Size

32KB
MD5

ff4ce281f4c7733a371e26eeadecdfd0
SHA1

7b7dc9f946f44b755868f320f9e93d4faccba8db
SHA256

1a8785ebf4f7765e029dc1ef0060285df38fe4518356cf7f08b867eed21f124b
SHA512

cb58961be7931a2f2bfda712bda7774656a13edf665effd50758f652d2cd965478d3a567319cac64cfe86ec7b4de24e4b39803e9b02eaf0ae6391fe93b99e4b3
SSDEEP

384:QGT5KZZe06pZ+PZUn8NscLb/AYaisIXY0Rk7Ek7y9mTFSy64pOqKtgL:HmZe0AZCZUn8NsSVoqIEI9x9tKU

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff4ce281f4c7733a371e26eeadecdfd0N

Files

ff4ce281f4c7733a371e26eeadecdfd0N
.dll windows:4 windows x86 arch:x86

1df33cbc829debadd621ce916ef4a884

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_strupr
??1type_info@@UAE@XZ
strncat
strchr
??3@YAXPAX@Z
sprintf
printf
system
strrchr
strncpy
_except_handler3
malloc
free
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
ceil
memmove
_beginthreadex

ws2_32

setsockopt
connect
WSACleanup
htons
gethostbyname
socket
select
recv
closesocket
send
WSAIoctl
WSAStartup

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

kernel32

CloseHandle
RemoveDirectoryA
GetLogicalDriveStringsA
LoadLibraryA
GetProcAddress
GetDiskFreeSpaceExA
GetDriveTypeA
FreeLibrary
ExpandEnvironmentStringsA
lstrcatA
CreateProcessA
lstrlenA
lstrcpyA
GetFileAttributesA
CreateDirectoryA
GetLastError
FindFirstFileA
LocalAlloc
LocalReAlloc
LocalSize
LocalFree
FindNextFileA
GetCurrentThreadId
WriteFile
OutputDebugStringA
SetFilePointer
ReadFile
CreateFileA
GetFileSize
CopyFileA
MoveFileA
FindClose
DeleteFileA
Sleep
CancelIo
InterlockedExchange
SetEvent
ResetEvent
SetFileAttributesA
WaitForSingleObject
CreateEventA
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection

user32

wsprintfA
CharNextA

Exports

Exports

PluginMe

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1df33cbc829debadd621ce916ef4a884

Headers

File Characteristics

Imports

msvcrt

ws2_32

msvcp60

kernel32

user32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB