gh0strat | 1c5074a72fc892deb085810ba993f4df_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1c5074a72fc892deb085810ba993f4df_JaffaCakes118
Size

136KB
MD5

1c5074a72fc892deb085810ba993f4df
SHA1

3bc7ba0fe5d571bb669811d0dba4390d490099a3
SHA256

785fb6342310a4575319536df617bb6f3c2a1785c7238629ff0fd52432ba6794
SHA512

4ca88ec72eb52ff1922313cf3a8f0b2c42c594a557119040a22a6a8ca819f39d9875429ea2ca38143a79afeca994270e420e429d8955ed8f02f5197898787a45
SSDEEP

3072:Y4568SY7Xd8n1fChcFQ1CWHKpDvTBftRhHoXwuQCZHf5s8h:f5zSW2n+cFQPsvTBlRhHoXwu75

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c5074a72fc892deb085810ba993f4df_JaffaCakes118

Files

1c5074a72fc892deb085810ba993f4df_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cd1fb4c48385ffd76f7d4bd52486d779

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

kernel32

Sleep
ResetEvent
lstrcatA
GetSystemDirectoryA
FreeLibrary
CreateEventA
DeleteFileA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
VirtualQuery
GetTickCount
LocalFree
LocalSize
TerminateProcess
OpenProcess
Process32Next
LocalReAlloc
lstrlenA
Process32First
LocalAlloc
CreateToolhelp32Snapshot
GetLastError
CreateMutexA
WaitForMultipleObjects
GetLogicalDriveStringsA
CreateThread
ExpandEnvironmentStringsA
CreateDirectoryA
GetFileAttributesA
MoveFileExA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
FindClose
FindNextFileA
FindFirstFileA
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
GetCommandLineA
WinExec
Thread32Next
TerminateThread
OpenThread
Thread32First
GetProcAddress
GetModuleHandleA
SetEvent
GetCurrentThreadId
HeapFree
GetProcessHeap
HeapAlloc
GetShortPathNameA
SetFileAttributesA
GetFileAttributesExA
lstrcmpA
lstrcmpiA
VirtualProtect
GetConsoleTitleA
GetConsoleWindow
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCurrentProcess
GetLongPathNameA
GetModuleFileNameA
SetFileTime
GetFileTime
LoadLibraryA
DeviceIoControl
GetVersionExA
GetSystemInfo
GetProcessTimes
GlobalMemoryStatusEx
SetErrorMode
ExitThread
OpenEventA
CopyFileA
FreeLibraryAndExitThread
IsBadReadPtr
IsBadStringPtrW
Module32Next
Module32First
GetTempFileNameA
RaiseException
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetConsoleOutputCP
SetConsoleCtrlHandler
ExitProcess
SetConsoleWindowInfo
SetConsoleScreenBufferSize
GetStartupInfoA
GetStdHandle
AllocConsole
FillConsoleOutputCharacterA
FreeConsole
WriteConsoleInputA
GenerateConsoleCtrlEvent
ReadConsoleOutputA
SetConsoleOutputCP
GetConsoleScreenBufferInfo
InterlockedExchange
WaitForSingleObject
CloseHandle
GetCurrentProcessId
WideCharToMultiByte

oleaut32

SysStringLen
SysAllocString
SysFreeString

gdi32

SelectObject
CreateCompatibleBitmap
GetDIBits
BitBlt
CreateCompatibleDC
DeleteObject
DeleteDC
CreateDIBSection

ws2_32

getsockname
ntohs
send
closesocket
select
recv
gethostname
gethostbyname
socket
htons
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup

msvcrt

rand
??2@YAPAXI@Z
__CxxFrameHandler
wcsrchr
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_memicmp
_stricmp
_strlwr
_strupr
_wcsicmp
_beginthreadex
_CxxThrowException
wcslen
strncat
atol
wcstombs
atoi
time
srand
realloc
strchr
strrchr
malloc
_except_handler3
free
strncpy
strstr
_ftol
ceil
memmove
??3@YAXPAX@Z

Exports

Exports

AddEmailToAutoComplete
AutoDiscoverAndOpenEmail
DllCanUnloadNow
DllGetClassObject
DllInstall

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd1fb4c48385ffd76f7d4bd52486d779

Headers

File Characteristics

Imports

ole32

kernel32

oleaut32

gdi32

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB