gh0strat | 1019f55a2cd340e0e731033e7ba716c9_JaffaCakes118

General

Target

1019f55a2cd340e0e731033e7ba716c9_JaffaCakes118
Size

126KB
MD5

1019f55a2cd340e0e731033e7ba716c9
SHA1

b59b1ce2af39417d369b3cb9c71d1b43498fcab5
SHA256

9243704e53775864a3539741c11977837c032bc54d9ace1833cc870a64f1ed5c
SHA512

897ddc026c2ec1b84d1883eafd3133cabed68cf2f90959ed589c8ed29635fab9392d2ed5265f4b7cb08ea7da488595bb04567f17f95ab42daed9becb0d0cd32b
SSDEEP

3072:evjVZZyQ7/rSojXfobaCl+xUDB9I8vhGtIgsdXaF8OT:YjVPyQ7DScfobXggB22hGtIgsdkP

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1019f55a2cd340e0e731033e7ba716c9_JaffaCakes118

Files

1019f55a2cd340e0e731033e7ba716c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f501c3acb60422f85b1401aa1089304d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcAddress
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetLastError
lstrcatA
CloseHandle
DeviceIoControl
CreateFileA
GetVersionExA
GetModuleFileNameA
ExitProcess
DeleteFileA
SetFileAttributesA
MoveFileA
FreeResource
lstrlenA
WriteFile
SizeofResource
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
LoadResource
FindResourceA
GetTickCount
GetTempPathA
FreeLibrary
LoadLibraryA
ReadFile
SetFilePointer
lstrcpyA
SetLastError
GetFileAttributesA
lstrcmpA
Sleep
GetWindowsDirectoryA
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
GetCommandLineA
ReleaseMutex
WinExec
CreateMutexA
GetCurrentThreadId
GetStartupInfoA
RaiseException
InterlockedExchange
LocalAlloc

msvcrt

sprintf
strrchr
strncpy
strncmp
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strchr
malloc
realloc
_except_handler3

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f501c3acb60422f85b1401aa1089304d

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 18KB - Virtual size: 18KB

.rsrc Size: 106KB - Virtual size: 106KB

.text
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 106KB - Virtual size: 106KB