gh0strat | 1816a1f03b14caa3638f4697d2018e92_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1816a1f03b14caa3638f4697d2018e92_JaffaCakes118
Size

72KB
MD5

1816a1f03b14caa3638f4697d2018e92
SHA1

a97dfab342cfcdde730cea922a645e2b35b948da
SHA256

0f8a3767cced5a29c6e49d419fffb6ee1c8a0c5603fdfd0ea3e1aac9ac1a229e
SHA512

a3e7623c2440e3a687798416399e8a26f9575e3d4b756497e858fc377f1ef8bd87d1f0ce44f8a06c7fb2d63dd9d2bab3b62c14d07d78bfb1b9de8572d0629584
SSDEEP

1536:3cFs/4tKg3wEf4DpcGTqfToOCKZiVJycxNK0zI:3Q3T4DpFTsToOCKZkJyWNK0zI

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1816a1f03b14caa3638f4697d2018e92_JaffaCakes118

Files

1816a1f03b14caa3638f4697d2018e92_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ea38f29967b26aab3f000f0b870c103c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
GlobalMemoryStatusEx
OpenEventA
FreeConsole
WinExec
HeapAlloc
GetCurrentThreadId
HeapFree
GetEnvironmentVariableA
GetTempPathA
GetTickCount
MoveFileExA
InterlockedExchange
VirtualAllocEx
GetCurrentProcess
SetLastError
MoveFileA
CreateEventA
GlobalSize
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
VirtualAlloc
GetModuleFileNameA
VirtualFree
DeleteFileA
GetVersionExA
FreeLibrary
lstrcatA
lstrcpyA
Sleep
ResetEvent
lstrlenA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LoadLibraryA
GetProcAddress
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle

msvcrt

calloc
_strnicmp
_strcmpi
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_beginthreadex
wcstombs
atoi
realloc
strncat
_except_handler3
free
malloc
strchr
_CxxThrowException
_ftol
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
strncpy

user32

GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
GetDC
GetUserObjectInformationA
PostMessageA
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
CloseDesktop
ReleaseDC
OpenInputDesktop
GetThreadDesktop
GetCursorPos
OpenDesktopA
wsprintfA
GetCursorInfo
BlockInput
LoadCursorA
DestroyCursor
SendMessageA
MapVirtualKeyA
SetThreadDesktop
SetCapture
WindowFromPoint
SetCursorPos
keybd_event
CloseClipboard
SetClipboardData
EmptyClipboard

gdi32

CreateDIBSection
DeleteObject
BitBlt
GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC

advapi32

AddAccessAllowedAce
RegisterServiceCtrlHandlerA
SetServiceStatus
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegSetKeySecurity
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteValueA
FreeSid
SetSecurityDescriptorDacl

ws2_32

WSAStartup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
select
getsockname
gethostname
send
closesocket
recv
WSACleanup

avicap32

capGetDriverDescriptionA

Exports

Exports

ServiceMain
main

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea38f29967b26aab3f000f0b870c103c

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

gdi32

advapi32

ws2_32

avicap32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 7KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 7KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 5KB - Virtual size: 4KB