gh0strat | 1a3a776c4cb1ee379631eb52adbc80fc_JaffaCakes118

General

Target

1a3a776c4cb1ee379631eb52adbc80fc_JaffaCakes118
Size

163KB
MD5

1a3a776c4cb1ee379631eb52adbc80fc
SHA1

f1f029d8d1c2af6d1f5dd40c6c73708c84092647
SHA256

16d32c72ad5e702b830b3d7390bfd9be5bc8ac4081b97f1ef88bcea0ac983d20
SHA512

ffd853ca6f21de978cb08e5c91e6162fb7f4330bb4fb94ce308e0b53ca31e677587a3544c2844b49ab24055764204c9f3482c39ccfc1a2c8f726ffd3edc19a55
SSDEEP

3072:uw9E9Y2tsNOGIxxHPM772TtdujQRiA84nE67fsl+CC:uw9t22oE77irnRnvd7+

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a3a776c4cb1ee379631eb52adbc80fc_JaffaCakes118

Files

1a3a776c4cb1ee379631eb52adbc80fc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

54e429477fe87a269f058e8a7f68adeb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
WinExec
_lclose
_lwrite
_lcreat
GetSystemDirectoryA
GetModuleFileNameA
lstrlenA
GetSystemTime
WaitForSingleObject
SetEvent
OpenEventA
SetFileTime
MoveFileExA
MoveFileA
DeleteFileA
OpenFileMappingA
GetCurrentThreadId
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetCurrentProcess
GetLastError
Sleep
FindResourceA
LoadResource
LockResource
SizeofResource
WriteFile
GlobalFree
CreateFileA
CreateFileMappingA
MapViewOfFile
CloseHandle
SetFilePointer
CreateEventA
GetOEMCP
GetACP
HeapAlloc
WideCharToMultiByte
GetStdHandle
ExitProcess
TerminateProcess
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
FlushFileBuffers
RtlUnwind
SetStdHandle
GetCPInfo
GetStringTypeW

user32

GetMessageA
wsprintfA
PostThreadMessageA
GetInputState

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CreateServiceA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ControlService
StartServiceA

msvcrt

_stricmp

Sections

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54e429477fe87a269f058e8a7f68adeb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.data Size: 25KB - Virtual size: 25KB

.rsrc Size: 136KB - Virtual size: 136KB

.data
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 136KB - Virtual size: 136KB