gh0strat | 0c485aaef00bfd858b7b2e87d13edce7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c485aaef00bfd858b7b2e87d13edce7_JaffaCakes118
Size

148KB
MD5

0c485aaef00bfd858b7b2e87d13edce7
SHA1

90e5e09972e1fc161361e156d77dfbfa890ad686
SHA256

6201f81f13509a521d7f887076cee38708e681d8d28f8b1d5647e3aae705d66e
SHA512

35c23596b4b46917bad910d1b93b42f56c13a3d1ba4ed57493a5999d57c8ab1b0ceadf7c4680456d1aa63a0c35710d526e7c959507e28d1022c2cd681aac8cf0
SSDEEP

3072:Z33r6qbj/YswD4DRDjupERwDV9goHXTBft38cxDg:lb6o4DIRXuWeSoHXTBlFx

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c485aaef00bfd858b7b2e87d13edce7_JaffaCakes118

Files

0c485aaef00bfd858b7b2e87d13edce7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0c91ebd6312b5247a5c0772db8b8a053

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetClassNameA
GetWindow
ShowWindow
EnableWindow
GetWindowRect
GetCursorInfo
CloseWindowStation
CreateWindowExA
DestroyWindow
MessageBoxA
wsprintfA
DestroyCursor
wvsprintfA
LoadCursorA

advapi32

RegisterServiceCtrlHandlerExA
RegOpenKeyExW

oleaut32

SysFreeString

shlwapi

SHDeleteKeyA

kernel32

GetTempFileNameA
IsBadStringPtrW
IsBadReadPtr
ExitThread
RemoveDirectoryA
GlobalMemoryStatusEx
GetProcessTimes
GetSystemInfo
GlobalAlloc
GlobalFree
LoadLibraryA
RaiseException
DeleteFileA
IsBadWritePtr
FormatMessageA
SetUnhandledExceptionFilter
LocalReAlloc
LocalSize
lstrlenA
CloseHandle
lstrcmpiA
InitializeCriticalSection
VirtualFree
LeaveCriticalSection
VirtualAlloc
GetTickCount
GetLastError
InterlockedExchange
MultiByteToWideChar
FreeLibrary
GetProcAddress
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetVersionExA
GetLocalTime
GlobalUnlock
GlobalLock
GlobalSize
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
HeapAlloc
LocalFree
LocalAlloc
ExitProcess
GetSystemDirectoryA
GetCommandLineA
VirtualQuery
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
GetShortPathNameA
GetFileAttributesExA
SetEnvironmentVariableA
GetTempPathA
GetCurrentProcess
GetLongPathNameA
GetModuleFileNameA

ws2_32

recv
getsockname
shutdown
send
closesocket
select
WSACleanup
gethostname
gethostbyname
socket
connect
setsockopt
WSAIoctl
WSAStartup

userenv

GetProfilesDirectoryA
GetUserProfileDirectoryA

iphlpapi

GetAdaptersInfo

msvcrt

time
srand
rand
malloc
realloc
strchr
_except_handler3
strstr
_ftol
ceil
memmove
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
strncpy
wcsrchr
_beginthreadex
_onexit
__dllonexit
_adjust_fdiv
_initterm
_strupr
_wcsicmp
_memicmp
free
_stricmp
_strlwr
wcslen
wcstombs
atoi
strrchr
strncat

Exports

Exports

AutoDialFunc
CmCustomDialDlg
CmCustomHangUp
CmReConnect
GetCustomProperty
InetDialHandler
RasCustomDeleteEntryNotify
RasCustomDial
RasCustomDialDlg
RasCustomEntryDlg
RasCustomHangUp

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c91ebd6312b5247a5c0772db8b8a053

Headers

File Characteristics

Imports

user32

advapi32

oleaut32

shlwapi

kernel32

ws2_32

userenv

iphlpapi

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 294B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 294B

.reloc
Size: 8KB - Virtual size: 7KB