gh0strat | 14de41ccb8a35da5a34b4775b0e11a9d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

14de41ccb8a35da5a34b4775b0e11a9d_JaffaCakes118
Size

696KB
MD5

14de41ccb8a35da5a34b4775b0e11a9d
SHA1

88e62380a44b584bd0a28b829a5688ef3e769f9f
SHA256

d994f9b086c3ad8c4cb9456e09ae74cdfd7c8b646a2904a2b9ddb4ba79840c10
SHA512

7e2b931009ecccba5e6548eccc48c6ec479140e9c955992e903a30049b1cb9161e3273755dd1b95af44febe4d58040f29bb62a7b95bb434979b5bcc1d830fae6
SSDEEP

12288:BNPz2Y8FFy8/ksx+bwFslAMfNQ+6H9mSEiQfWCk/u:HzQnCwFsdNgmS1QfHk

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14de41ccb8a35da5a34b4775b0e11a9d_JaffaCakes118

Files

14de41ccb8a35da5a34b4775b0e11a9d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ac3f36eff4b741e8eb1c828870938065

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutClose
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
PlaySoundA
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader

kernel32

GetProfileStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetDriveTypeA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
HeapReAlloc
ExitThread
TerminateProcess
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapFree
HeapAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
LockResource
LoadResource
SizeofResource
FindResourceA
GetTickCount
GetFileAttributesA
GetDiskFreeSpaceExA
lstrlenA
GetVolumeInformationA
GetLogicalDriveStringsA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
CreateFileA
WriteFile
SetFilePointer
DeleteFileA
ReadFile
RemoveDirectoryA
MoveFileA
GetLastError
CreateDirectoryA
lstrcpyA
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
GetModuleFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
InitializeCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
EnterCriticalSection
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
CancelIo
DeleteCriticalSection
lstrcatA
GetSystemDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalSize
FreeLibrary
GetVersionExA
GetVersion
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
SetLastError
MulDiv
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
lstrcmpA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentThread
GetTempFileNameA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
LocalFileTimeToFileTime
SystemTimeToFileTime
SetErrorMode
GetCurrentDirectoryA

user32

BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
IsIconic
GetWindowPlacement
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
IsWindow
LoadBitmapA
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawTextA
GetMenuState
ShowScrollBar
DrawIconEx
IntersectRect
CheckMenuRadioItem
SetClassLongA
SetForegroundWindow
GetSystemMenu
AppendMenuA
CheckMenuItem
MessageBeep
GetSystemMetrics
DrawEdge
SetMenu
UnregisterClassA
HideCaret
DeferWindowPos
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
DispatchMessageA
RedrawWindow
GetDesktopWindow
SystemParametersInfoA
CharNextA
DeleteMenu
GetMenuItemCount
EnableMenuItem
GetCursorPos
GetFocus
MessageBoxA
wsprintfA
GetDlgCtrlID
SetWindowPos
IsWindowVisible
UpdateWindow
EqualRect
AdjustWindowRectEx
SetFocus
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
ScreenToClient
GetWindow
CopyIcon
PtInRect
KillTimer
LoadAcceleratorsA
MapDialogRect
SetWindowContextHelpId
ValidateRect
ShowOwnedPopups
PostQuitMessage
IsZoomed
TranslateMessage
GetMessageA
LoadIconA
SendMessageA
EnableWindow
SetRect
DestroyMenu
DestroyCursor
DestroyIcon
GetWindowLongA
GetNextDlgTabItem
GetParent
SetCursor
InvalidateRect
GetActiveWindow
WindowFromPoint
ClientToScreen
PostMessageA
TrackPopupMenuEx
GetSubMenu
GetWindowRect
DrawFocusRect
InflateRect
CopyRect
GetClientRect
OffsetRect
DrawStateA
FillRect
GetSysColor
ReleaseDC
GetDC
GetIconInfo
LoadImageA
LoadMenuA
FrameRect
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
SetMenuItemBitmaps
ModifyMenuA
GetMenuCheckMarkDimensions
wvsprintfA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
LoadStringA
CharUpperA
PostThreadMessageA
SetParent
RegisterClipboardFormatA
LockWindowUpdate
GetDCEx
GetNextDlgGroupItem
CopyAcceleratorTableA
GetSysColorBrush
GetClassNameA
BringWindowToTop
UnpackDDElParam
TranslateAcceleratorA
ReuseDDElParam
LoadCursorA
DefWindowProcA
GetClassInfoA
GetCursor
DrawFrameControl
SetRectEmpty
SetTimer
SetCapture
ReleaseCapture
GetKeyState
ShowCaret
FindWindowA

gdi32

DeleteObject
GetTextExtentPointA
GetBkColor
GetTextColor
CreateFontA
GetCharWidthA
GetTextMetricsA
GetTextExtentPoint32A
LPtoDP
DPtoLP
CreateRectRgnIndirect
CombineRgn
SetRectRgn
PatBlt
GetMapMode
Escape
RectVisible
PtVisible
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
CreateRectRgn
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
GetClipBox
CreatePen
RoundRect
SetBkMode
TextOutA
CreateSolidBrush
ExtTextOutA
StretchDIBits
CreateDIBSection
StretchBlt
PtInRegion
CreateFontIndirectA
Rectangle
PlgBlt
FillRgn
CreatePolygonRgn
GetObjectA
GetPixel
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
CreateDIBitmap

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
RegSetValueA
RegOpenKeyA

shell32

ShellExecuteExA
DragQueryFileA
DragFinish
Shell_NotifyIconA
ExtractIconA
ShellExecuteA
ord71
SHGetFileInfoA

comctl32

_TrackMouseEvent
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

OleFlushClipboard
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
OleIsCurrentClipboard
CoRevokeClassObject

olepro32

ord253

oleaut32

SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen

shlwapi

SHAutoComplete

ws2_32

WSAGetLastError
getpeername
ioctlsocket
connect
select
send
recv
gethostname
gethostbyname
WSACloseEvent
WSASend
WSARecv
socket
accept
inet_ntoa
setsockopt
WSAIoctl
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAEventSelect
htons
bind
listen
WSACleanup
WSAStartup
closesocket

pdh

PdhCollectQueryData
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhAddCounterA
PdhCloseQuery

avifil32

AVIFileRelease
AVIStreamWrite
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamSetFormat
AVIFileExit
AVIFileInit
AVIStreamRelease

msvfw32

DrawDibClose
DrawDibDraw
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICDecompress
DrawDibOpen

Sections

.text
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac3f36eff4b741e8eb1c828870938065

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

shlwapi

ws2_32

pdh

avifil32

msvfw32

Sections

.text Size: 372KB - Virtual size: 371KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 28KB - Virtual size: 43KB

.rsrc Size: 208KB - Virtual size: 205KB

.text
Size: 372KB - Virtual size: 371KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 28KB - Virtual size: 43KB

.rsrc
Size: 208KB - Virtual size: 205KB