gh0strat | cc1408fd7664503e86e258ed646a516162e4886587c7d4e78ebcbb08b7d92792N

Sharing

Copy URL

Twitter E-mail

General

Target

cc1408fd7664503e86e258ed646a516162e4886587c7d4e78ebcbb08b7d92792N
Size

120KB
MD5

f8716641ad60851fc2a8ab3f4a32da40
SHA1

70e98094e90f037ba518a27bd36f91deee5a0a6f
SHA256

cc1408fd7664503e86e258ed646a516162e4886587c7d4e78ebcbb08b7d92792
SHA512

c59f6f4c4d0fa7159a229719929b3aaf49ec8aa9279ae2be5223df942f7db4821134da2857152799e6454e85154022202c6628ecdd9df438a6b167eb78edb3b4
SSDEEP

1536:BtBWNj3eaAacutelTheuISuScyA1fVmEa0B05npSsM6I1iDxtAN89:BKNKZaYouISuSZAtVmErq5np7MV1iDTP

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc1408fd7664503e86e258ed646a516162e4886587c7d4e78ebcbb08b7d92792N

Files

cc1408fd7664503e86e258ed646a516162e4886587c7d4e78ebcbb08b7d92792N
.dll windows:4 windows x86 arch:x86

aa884a5b49824d86a0b946178abaa8be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
LocalFree
GetProcAddress

user32

SendMessageA
GetCursorInfo
DestroyCursor
IsWindow
CreateWindowExA
GetSystemMetrics
LoadCursorA
MessageBoxA

msvcrt

__CxxFrameHandler
ceil
_ftol
strstr
memmove
_CxxThrowException
free
??3@YAXPAX@Z
_except_handler3
strrchr
atoi
strncmp
strncpy
strchr
_errno
strncat
realloc
atol
wcstombs
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
??2@YAPAXI@Z
_strrev
_strnicmp
_strupr
malloc
_strcmpi

winmm

waveInStop
waveOutWrite
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutPrepareHeader
waveOutClose
waveOutGetNumDevs
waveOutOpen
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveOutUnprepareHeader
waveInGetNumDevs

ws2_32

listen
sendto
recvfrom
__WSAFDIsSet
gethostname
accept
bind
getsockname
connect
ntohs
inet_addr
inet_ntoa
send
closesocket
recv
select
socket
gethostbyname
WSAStartup
WSACleanup
htons
setsockopt
WSAIoctl
getpeername

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

msvfw32

ICSendMessage

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

Exports

Exports

Main
ServiceMain
main

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa884a5b49824d86a0b946178abaa8be

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

winmm

ws2_32

msvcp60

msvfw32

wtsapi32

userenv

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 6KB