gh0strat | f93045dc4c291a3f0f2e5eaaacb60940_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f93045dc4c291a3f0f2e5eaaacb60940_JaffaCakes118
Size

696KB
MD5

f93045dc4c291a3f0f2e5eaaacb60940
SHA1

169cacf972cef44d3d86a7c95a2e780c965f5794
SHA256

7dd1a7b3825b20a10279508b60cea71bf3776c58823465db83b87bcd53164e6a
SHA512

64f0ba3f93b07ceb3f0f925b097705805423baf1fb15f9e129f726612f891274b9684b8f5cbfb86535b93a75a8d36a623db285247c31676842a0bf749398a54e
SSDEEP

12288:qK2eCq37fziBPVmEMT+rvNQBhjqOxlt6i6+9SSoge/jY1uQ8:WTcuBPiTuvNejLAuSSoL/jeuQ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f93045dc4c291a3f0f2e5eaaacb60940_JaffaCakes118

Files

f93045dc4c291a3f0f2e5eaaacb60940_JaffaCakes118
.exe windows:4 windows x86 arch:x86

33302841cde9c22421efaf69fe63bf44

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutClose
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
PlaySoundA
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader

kernel32

GetProfileStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetDriveTypeA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
HeapReAlloc
ExitThread
TerminateProcess
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapFree
HeapAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
LockResource
LoadResource
SizeofResource
FindResourceA
GetTickCount
GetFileAttributesA
GetDiskFreeSpaceExA
GetVolumeInformationA
lstrlenA
GetLogicalDriveStringsA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
CreateFileA
WriteFile
SetFilePointer
DeleteFileA
ReadFile
RemoveDirectoryA
MoveFileA
GetLastError
CreateDirectoryA
lstrcpyA
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
GetModuleFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
InitializeCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
EnterCriticalSection
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
CancelIo
DeleteCriticalSection
lstrcatA
GetSystemDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalSize
FreeLibrary
GetVersionExA
GetVersion
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
SetLastError
MulDiv
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
lstrcmpA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentThread
GetTempFileNameA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
LocalFileTimeToFileTime
SystemTimeToFileTime
SetErrorMode
GetCurrentDirectoryA

user32

EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
IsIconic
GetWindowPlacement
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
IsWindow
LoadBitmapA
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawTextA
GetMenuState
ShowScrollBar
DrawIconEx
IntersectRect
CheckMenuRadioItem
SetClassLongA
SetForegroundWindow
GetSystemMenu
AppendMenuA
CheckMenuItem
MessageBeep
GetSystemMetrics
DrawEdge
RedrawWindow
TranslateAcceleratorA
UnregisterClassA
HideCaret
BeginDeferWindowPos
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
DispatchMessageA
GetDesktopWindow
SystemParametersInfoA
SetMenu
CharNextA
DeleteMenu
GetMenuItemCount
EnableMenuItem
GetCursorPos
GetFocus
MessageBoxA
wsprintfA
GetDlgCtrlID
SetWindowPos
IsWindowVisible
UpdateWindow
DeferWindowPos
EqualRect
AdjustWindowRectEx
SetFocus
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
ScreenToClient
GetWindow
CopyIcon
PtInRect
KillTimer
MapDialogRect
SetWindowContextHelpId
ValidateRect
ShowOwnedPopups
PostQuitMessage
IsZoomed
TranslateMessage
GetMessageA
LoadIconA
SendMessageA
EnableWindow
SetRect
DestroyMenu
DestroyCursor
FindWindowA
DestroyIcon
GetWindowLongA
GetNextDlgTabItem
GetParent
SetCursor
InvalidateRect
GetActiveWindow
WindowFromPoint
ClientToScreen
PostMessageA
TrackPopupMenuEx
GetSubMenu
GetWindowRect
DrawFocusRect
InflateRect
CopyRect
GetClientRect
OffsetRect
DrawStateA
FillRect
GetSysColor
ReleaseDC
GetDC
GetIconInfo
LoadImageA
LoadMenuA
FrameRect
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
SetMenuItemBitmaps
ModifyMenuA
GetMenuCheckMarkDimensions
wvsprintfA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
LoadStringA
PostThreadMessageA
SetParent
RegisterClipboardFormatA
LockWindowUpdate
GetDCEx
GetNextDlgGroupItem
CopyAcceleratorTableA
GetSysColorBrush
GetClassNameA
BringWindowToTop
UnpackDDElParam
LoadAcceleratorsA
ReuseDDElParam
LoadCursorA
DefWindowProcA
GetClassInfoA
GetCursor
DrawFrameControl
SetRectEmpty
SetTimer
SetCapture
ReleaseCapture
GetKeyState
ShowCaret
CharUpperA

gdi32

DeleteObject
GetTextExtentPointA
GetBkColor
GetTextColor
CreateFontA
GetCharWidthA
GetTextMetricsA
GetTextExtentPoint32A
LPtoDP
DPtoLP
CreateRectRgnIndirect
CombineRgn
SetRectRgn
PatBlt
GetMapMode
Escape
RectVisible
PtVisible
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
CreateRectRgn
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
GetClipBox
CreatePen
RoundRect
SetBkMode
TextOutA
CreateSolidBrush
ExtTextOutA
StretchDIBits
CreateDIBSection
StretchBlt
PtInRegion
CreateFontIndirectA
Rectangle
PlgBlt
FillRgn
CreatePolygonRgn
GetObjectA
GetPixel
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
CreateDIBitmap

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
RegSetValueA
RegOpenKeyA

shell32

ShellExecuteExA
DragQueryFileA
DragFinish
Shell_NotifyIconA
ExtractIconA
ShellExecuteA
ord71
SHGetFileInfoA

comctl32

_TrackMouseEvent
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

OleFlushClipboard
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
OleIsCurrentClipboard
CoRevokeClassObject

olepro32

ord253

oleaut32

SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen

shlwapi

SHAutoComplete

ws2_32

WSAGetLastError
getpeername
ioctlsocket
connect
select
send
recv
gethostname
gethostbyname
WSACloseEvent
WSASend
WSARecv
socket
accept
inet_ntoa
setsockopt
WSAIoctl
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAEventSelect
htons
bind
listen
WSACleanup
WSAStartup
closesocket

pdh

PdhCollectQueryData
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhAddCounterA
PdhCloseQuery

avifil32

AVIFileRelease
AVIStreamWrite
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamSetFormat
AVIFileExit
AVIFileInit
AVIStreamRelease

msvfw32

DrawDibClose
DrawDibDraw
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICDecompress
DrawDibOpen

Sections

.text
Size: 376KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33302841cde9c22421efaf69fe63bf44

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

shlwapi

ws2_32

pdh

avifil32

msvfw32

Sections

.text Size: 376KB - Virtual size: 373KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 28KB - Virtual size: 43KB

.rsrc Size: 204KB - Virtual size: 201KB

.text
Size: 376KB - Virtual size: 373KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 28KB - Virtual size: 43KB

.rsrc
Size: 204KB - Virtual size: 201KB