gh0strat | 43f0c100f52d9532d8036747c3dacba8cf1c56cabf424dbd5bb9a363d0a5c634 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43f0c100f52d9532d8036747c3dacba8cf1c56cabf424dbd5bb9a363d0a5c634
Size

111KB
MD5

a28f7ed1395ed540a94f8db47d97ae36
SHA1

a1ae6f2db205868622f3349e92ad25d5081eb6aa
SHA256

43f0c100f52d9532d8036747c3dacba8cf1c56cabf424dbd5bb9a363d0a5c634
SHA512

861756086833af95ec5b97f6e1c698e221542f2d4a7dfe448bd3e22ac4049e485383efbfb117bd5c5f10829a09379e1f6692705e1b937e5beeefbdaf273fe628
SSDEEP

1536:qjAZXGnnFriOOkqzIEPm4ectSLfL3e/H6n2OMO/dup4G:qjA6nNgPm4eaSbL3efI2OMO/M2G

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43f0c100f52d9532d8036747c3dacba8cf1c56cabf424dbd5bb9a363d0a5c634

Files

43f0c100f52d9532d8036747c3dacba8cf1c56cabf424dbd5bb9a363d0a5c634
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BITSAlloc
BITSFree
BITSServiceMain
BytesRemainingInCurrentRange
CNestedImpersonation
CalculateBytesTotal
DllRegisterServer
DllUnregisterServer
EmptyString
Find
FindInterfaceIndex
GetSubRanges
HostFromProxyDescription
MyLive
PROXY_SETTINGS_CONTAINER

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ