c1bb1a85925a21388232c04929c10707e1979ed4201497435c86679cebfb36f5

Sharing

Copy URL Twitter E-mail

General

Target

c1bb1a85925a21388232c04929c10707e1979ed4201497435c86679cebfb36f5
Size

291KB
MD5

9e40938e1711955dc39fc2b946b508fc
SHA1

2cb7fc8b0c845eb7d844638625e40335eb07401e
SHA256

c1bb1a85925a21388232c04929c10707e1979ed4201497435c86679cebfb36f5
SHA512

e88522f49bb5f0197498b2389a576d245e1ec082d9368ba7c83db8aca3a4fe790ac5d7f2357d4b2eac9bd2232691b6ede8e0e4fcd76ed2cfde649c930d341a69
SSDEEP

6144:WytI79Q0g+n4tb+4kRvXj2JhxZcRGhg0mo:n2c+4tbSzwc4m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1bb1a85925a21388232c04929c10707e1979ed4201497435c86679cebfb36f5

Files

c1bb1a85925a21388232c04929c10707e1979ed4201497435c86679cebfb36f5
.exe windows:6 windows x86 arch:x86

ab05cebac7a36a185b8cfc60206e93ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Goat\Desktop\Gh0st\Release\Server.pdb

Imports

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

netapi32

Netbios

kernel32

Process32Next
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
GetExitCodeThread
ReadProcessMemory
WideCharToMultiByte
SetFileAttributesA
ExitProcess
GetSystemInfo
GlobalMemoryStatusEx
GetDriveTypeA
GetDiskFreeSpaceExA
GetSystemDefaultUILanguage
GetModuleFileNameA
GetSystemDirectoryA
ExpandEnvironmentStringsA
CreateProcessA
CreateFileA
WriteFile
TerminateProcess
WinExec
GetEnvironmentVariableA
MultiByteToWideChar
LocalFree
LocalAlloc
GetShortPathNameA
SetPriorityClass
GetCurrentProcess
SetThreadPriority
GetCurrentThread
GetCurrentProcessId
OutputDebugStringA
CreateThread
lstrcmpA
CopyFileA
GetLocalTime
GetTempPathA
GetFileSize
SetFilePointer
TerminateThread
lstrcmpiA
lstrcatA
GetLastError
GetWindowsDirectoryA
ReadFile
AttachConsole
GetConsoleProcessList
FreeConsole
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
VirtualProtect
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
GetStringTypeW
SetEndOfFile
WriteConsoleW
CreateFileW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
Process32First
CreateToolhelp32Snapshot
GetTickCount
GetVersionExA
lstrcpyA
lstrlenA
GetPrivateProfileStringA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
LCMapStringEx
SetEvent
CancelIo
ResetEvent
CloseHandle
WaitForSingleObject
CreateEventA
VirtualAlloc
VirtualFree
GetCPInfo
RtlUnwind
LocalSize
GetFileAttributesExW
SetFilePointerEx
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EncodePointer
InitializeSListHead
GetTimeZoneInformation
GetFileType
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
VirtualQuery
GetCommandLineW
GetCommandLineA
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
OutputDebugStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
SetLastError

user32

ShowWindow
BroadcastSystemMessageA
SendMessageA
GetForegroundWindow
GetLastInputInfo
ReleaseDC
GetDC
GetClassNameA
wsprintfA
ExitWindowsEx
MessageBoxA
GetSystemMetrics
FindWindowA
GetAsyncKeyState
GetWindow
GetKeyState
GetWindowTextA

gdi32

GetDIBits
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
DeleteObject

advapi32

ClearEventLogA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCreateKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
CloseEventLog
OpenEventLogA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetKnownFolderPath
ShellExecuteA
SHChangeNotify
ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CoUninitialize
CoCreateGuid
CoInitialize
CoCreateInstance

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

shlwapi

PathStripPathA

ws2_32

WSACleanup
WSAStartup
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
select
recv
closesocket
send
gethostname
getsockname

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab05cebac7a36a185b8cfc60206e93ce

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

netapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

Sections

.text Size: 212KB - Virtual size: 212KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 7KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 212KB - Virtual size: 212KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 7KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 13KB - Virtual size: 12KB