General

  • Target

    ghost.zip

  • Size

    9.0MB

  • MD5

    c70763b3a3fb13ea9444b08816086d85

  • SHA1

    9b3925f033737cfd5f99c98c52b7185b6e08b810

  • SHA256

    2834a96c7b3f15e3d22b8f3b507874a6c281592096023c3ff28bc5ec3f0e4286

  • SHA512

    d4f804d11f75a57026279f78ac8e13f3c3f2d85199caf785995d3c6a85d049bf7f0c732076f92c697365b57aeb8f79732ea656b2775e58aba3a5e32ee8923d56

  • SSDEEP

    196608:pvsZOCE3wQUhyTsu2VgBtdfAIpgCNjBzm/9OyMoqr8H6rC2K5K:pveEAQUhyTqQtdvgE0IoQLJSK

Score
9/10

Malware Config

Signatures

  • CryptOne packer (1 IoC)

    Detects the CryptOne packer as defined in the NCC blog post.

  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • ghost.zip
    .zip
  • Norton Ghost 12 + Ghost Explorer 2013 (x32-x64) Portable [ENDO]/GHOSTERR.TXT
  • Norton Ghost 12 + Ghost Explorer 2013 (x32-x64) Portable [ENDO]/Ghost32.exe
    .exe windows:5 windows x86 arch:x86

    fc593133a245c9a8d25e287f8d08ff91



  • Norton Ghost 12 + Ghost Explorer 2013 (x32-x64) Portable [ENDO]/Ghost64.exe
    .exe windows:5 windows x64 arch:x64

    e7821076fcbcf4c09f91710f33290701



  • Norton Ghost 12 + Ghost Explorer 2013 (x32-x64) Portable [ENDO]/Ghostexp.exe
    .exe windows:5 windows x86 arch:x86

    09f81f37fbc5cbd977ba3a06e1e607e3


    Code Sign


  • Norton Ghost 12 + Ghost Explorer 2013 (x32-x64) Portable [ENDO]/Ghostexp64.exe
    .exe windows:5 windows x64 arch:x64

    c1df2a90bae867dedcceab4301c66831


    Code Sign


  • Norton Ghost 12 + Ghost Explorer 2013 (x32-x64) Portable [ENDO]/ghost32.dmp
  • Norton Ghost 12 + Ghost Explorer 2013 (x32-x64) Portable [ENDO]/ghstwarn.txt