gh0strat | 85b9029e5b0421faee6bebf71590ef19492764aa65166ea775423b1b84e89114

General

Target

85b9029e5b0421faee6bebf71590ef19492764aa65166ea775423b1b84e89114
Size

1.5MB
MD5

d84dec360ed8661c5df37c32282a4378
SHA1

6ec2d60303f7182a8525e2283353e0b3116f3b82
SHA256

85b9029e5b0421faee6bebf71590ef19492764aa65166ea775423b1b84e89114
SHA512

7cd2f950ad1c3e7d87e3c57f4ab09ce7a7e41b8a92ac40e5ed2f4aea88f3bb2203ba5bb3cac1beffcdeeb595b593d1fe2ed32679481056284c771882502114ee
SSDEEP

49152:/LRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRLRr:1

Score

10^/10

upx gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_gh0strat

Gh0strat family
gh0strat

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
85b9029e5b0421faee6bebf71590ef19492764aa65166ea775423b1b84e89114
unpack001/out.upx

Files

85b9029e5b0421faee6bebf71590ef19492764aa65166ea775423b1b84e89114
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PluginMe

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 509B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 32KB

UPX1 Size: 26KB - Virtual size: 28KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 509B

.reloc Size: 2KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 32KB

UPX1
Size: 26KB - Virtual size: 28KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 509B

.reloc
Size: 2KB - Virtual size: 1KB