gh0strat | 04515a091077ccaffda1d1c670fc9bb0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

04515a091077ccaffda1d1c670fc9bb0_JaffaCakes118
Size

108KB
MD5

04515a091077ccaffda1d1c670fc9bb0
SHA1

d539ab5df758ec7d120fb0d66c63d3b657674d2e
SHA256

cee054e7a58b08fc853e7f5ba4b7946ced8a520698c8b227f1ea4e7fe2a6d3a3
SHA512

32ba0a95fed0ada11d33fe6126ab2442b4a73a192adff965db66ae73781053f13cba4ece635a74f0029e55a5db98985b4fc6e88d167c4e8ef5835af55c9f3992
SSDEEP

1536:traNrmbq44pc2bbKXcKEyfffQx1J1KWb75aGa4DfktSEx:traNrmbqkweXREEffQx191aZ47ktSEx

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04515a091077ccaffda1d1c670fc9bb0_JaffaCakes118

Files

04515a091077ccaffda1d1c670fc9bb0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4addb2c6fd657f895e8131d62b33f74c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
HeapAlloc
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
WriteFile
LocalAlloc
PeekNamedPipe
WaitForMultipleObjects
GetVersionExA
ReleaseMutex
OpenEventA
SetErrorMode
FreeConsole
LocalSize
Process32Next
LocalReAlloc
ExpandEnvironmentStringsA
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
SetStdHandle
GetOEMCP
GetACP
FlushFileBuffers
LCMapStringW
LCMapStringA
GetLocalTime
MoveFileA
MoveFileExA
GetSystemDirectoryA
TerminateThread
GetTickCount
OpenProcess
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcatA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
CreateProcessA
LocalFree
SetLastError
GetLastError
GetModuleFileNameA
CreateFileA
InitializeCriticalSection
SetFilePointer
ReadFile
lstrlenA
DeleteFileA
Sleep
CancelIo
InterlockedExchange
SetEvent
lstrcpyA
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
Process32First
GetCPInfo
GetStdHandle
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
IsBadWritePtr
SetUnhandledExceptionFilter
ExitProcess
RtlUnwind
RaiseException
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetModuleHandleA

user32

IsWindowVisible
GetWindowTextA
EnumWindows
ExitWindowsEx
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
GetWindowThreadProcessId
wsprintfA
CloseDesktop

advapi32

LookupPrivilegeValueA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle

shlwapi

SHDeleteKeyA

ws2_32

WSACleanup
WSAStartup
WSAIoctl
setsockopt
htons
gethostbyname
socket
ntohs
recv
closesocket
select
send
gethostname
getsockname
connect

msvcrt

_strrev

psapi

EnumProcessModules
GetModuleFileNameExA

Exports

Exports

ServiceMain
aaaaaa
bbbbbbbbbbb

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4addb2c6fd657f895e8131d62b33f74c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

ws2_32

msvcrt

psapi

Exports

Exports

Sections

.text Size: 106KB - Virtual size: 105KB

.rsrc Size: 1024B - Virtual size: 1016B

.text
Size: 106KB - Virtual size: 105KB

.rsrc
Size: 1024B - Virtual size: 1016B