gh0strat | 181486b2f9310bb38b4e3098d8142cdc_JaffaCakes118

General

Target

181486b2f9310bb38b4e3098d8142cdc_JaffaCakes118
Size

81KB
MD5

181486b2f9310bb38b4e3098d8142cdc
SHA1

dc3512cd8c487f2bb67e8fe2f8442fc1b0dcfa1e
SHA256

88c803874539d0a1ab5cbcfcf326f760bf731032aac4bc1cb8333c262727cece
SHA512

15919aae51333ed5eadd2a939216552d9cc6125e41459d57313d16fd891c13d112eae73e654269cb9bd93bf6c2d127c6f28fa570a0c55f51ce638bbf3052512a
SSDEEP

1536:t/8yQpjuSNrwCxA5A2VJPJmPczpYfule3XuL1wg3GSEq:tUyQp6SNrwCQFVJPwP0pCuleHuhwg3Gi

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
181486b2f9310bb38b4e3098d8142cdc_JaffaCakes118

Files

181486b2f9310bb38b4e3098d8142cdc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7dba57235a0f54e6049415fae65b15d8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
HeapFree
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetLastError
lstrcatA
ExitProcess
MultiByteToWideChar
GetSystemDirectoryA
DeleteFileA
SetFileAttributesA
MoveFileA
CloseHandle
lstrlenA
SizeofResource
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
LoadResource
FindResourceA
GetLocalTime
GetTempPathA
lstrcpyA
lstrcmpiA
SetLastError
GetFileAttributesA
lstrcmpA
ReadFile
SetFilePointer
GetModuleFileNameA
SetUnhandledExceptionFilter
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
GetCurrentThreadId
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA

msvcrt

??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strchr
malloc
realloc
_except_handler3

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dba57235a0f54e6049415fae65b15d8

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 67KB - Virtual size: 67KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 67KB - Virtual size: 67KB