gh0strat | 176e1919d26835b5477b3be9c53633debe0158a73fc7e05dbd74c81feb4ebacaN

Sharing

Copy URL

Twitter E-mail

General

Target

176e1919d26835b5477b3be9c53633debe0158a73fc7e05dbd74c81feb4ebacaN
Size

7.1MB
MD5

2dcf9184a6873daf1b18b996b0ccd8a0
SHA1

9f53b9789feb11ef17629bc27bef805be1078fb8
SHA256

176e1919d26835b5477b3be9c53633debe0158a73fc7e05dbd74c81feb4ebaca
SHA512

9b0762234a3bb69535ff78a33b831283a5caec3ed184d5df56276677ecffa8514bcf4fbe426fbdf4dcfaf0455906650063156fa3d771c448df4effbb91b13438
SSDEEP

3072:gm06THCyt5mbCx6b41trGYTBfdpfZiJfLqye9aq:gm06TAb06gtrGYTBlpfcdqye9aq

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

Processes:

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
176e1919d26835b5477b3be9c53633debe0158a73fc7e05dbd74c81feb4ebacaN

Files

176e1919d26835b5477b3be9c53633debe0158a73fc7e05dbd74c81feb4ebacaN
.exe windows:4 windows x86 arch:x86

e51f98a12d2a79ff2aa8f29151f3b884

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord825
ord815
ord641
ord2506
ord5261
ord4370
ord4847
ord4992
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord4459
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord3592
ord1143
ord1165
ord324
ord4229
ord4294
ord4704
ord2371
ord755
ord470
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord5157
ord4667
ord1569

msvcrt

_controlfp
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_XcptFilter
_exit
__p__wpgmptr
swprintf
wcsrchr
time
srand
_wrename
_wfopen
rand
fwrite
fclose
exit
__CxxFrameHandler
_onexit

kernel32

GetFileAttributesW
GetPrivateProfileStringW
WritePrivateProfileStringW
CopyFileW
lstrcmpW
GetTempPathW
GetModuleFileNameW
LoadLibraryW
DeleteFileW
LoadResource
SizeofResource
FindResourceW
lstrcpyW
lstrlenW
GlobalAlloc
Sleep
WinExec
GetVersionExW
GetSystemInfo
GetProcAddress
GetModuleHandleW
GetStartupInfoW
lstrcatW

user32

GetClientRect
IsIconic
keybd_event
SetForegroundWindow
FindWindowW
DrawIcon
SetClipboardData
EmptyClipboard
OpenClipboard
EnableWindow
SendMessageW
SetWindowLongW
GetSystemMetrics
CloseClipboard
PostMessageW
LoadIconW

shell32

SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e51f98a12d2a79ff2aa8f29151f3b884

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

shell32

ole32

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 75KB - Virtual size: 74KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 75KB - Virtual size: 74KB