gh0strat | 2263803a466be5766301dd6baa37ec6b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2263803a466be5766301dd6baa37ec6b_JaffaCakes118
Size

480KB
MD5

2263803a466be5766301dd6baa37ec6b
SHA1

e592463db7f6a6600833c39552a5056950dcbef0
SHA256

df5fd4845a3aead9cb7bbd81bb0237aeb82cfc8211f564994f97760f2704713f
SHA512

2907bd3cbe68a8d03cda109c3c7adee129c8b54efc57224dc3222215af2b877525c8bd788da1f059b0a4b2d51e8c01eb4dfc31bd4aca02314e44f4b12a5ad13c
SSDEEP

12288:8QAQHBJlAghv3r+TsP5StWCKIe4s112cM5cNB:8QA0lAghv3r+TsP5SjKT4sKcM5cr

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2263803a466be5766301dd6baa37ec6b_JaffaCakes118

Files

2263803a466be5766301dd6baa37ec6b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53c58f89e6b8ec662400096e8f6f8c56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetModuleHandleA
LoadLibraryA
GetProcAddress
InterlockedExchange
lstrcpyA
MultiByteToWideChar
Sleep
DeleteFileA
Process32Next
lstrlenA
lstrcatA

user32

GetKeyState
GetAsyncKeyState
GetMessageA
CreateWindowExA
CloseWindow
GetClientRect
SendMessageA
GetDlgItem
SetDlgItemTextA
GetDlgItemTextA
SetWindowPos
ShowWindow
UpdateWindow
CreateDialogParamA
EndDialog
wsprintfA
CharNextA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
GetForegroundWindow
CloseDesktop
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
GetCursorPos
GetCursorInfo
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
LoadCursorA
DestroyCursor
BlockInput
MessageBoxA
SystemParametersInfoA
mouse_event
ExitWindowsEx
GetWindowTextA
TranslateMessage
SetThreadDesktop
DispatchMessageA

gdi32

SelectObject
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt
GetDIBits
CreateCompatibleBitmap
CreateDIBSection

advapi32

LookupAccountNameA
LsaClose
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
IsValidSid

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString

msvcrt

calloc
vsprintf
sprintf
_beginthreadex
strncat
wcscpy
_errno
__dllonexit
strncmp
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
atoi
exit
strrchr
_except_handler3
free
malloc
??1type_info@@UAE@XZ
_purecall
strstr
_ftol
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
__p__fmode
__set_app_type
_controlfp
_strnicmp
_strcmpi
??0exception@@QAE@ABV0@@Z
strlen
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memcpy
strncpy
strchr

winmm

waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveInUnprepareHeader
waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInClose

ws2_32

select
send
inet_ntoa
inet_addr
getsockname
bind
getpeername
closesocket
listen
sendto
recvfrom
__WSAFDIsSet
gethostname
WSAStartup
WSACleanup
recv
ntohs
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
accept

urlmon

URLDownloadToFileA

netapi32

NetLocalGroupAddMembers
NetUserAdd

psapi

EnumProcessModules

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53c58f89e6b8ec662400096e8f6f8c56

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcrt

winmm

ws2_32

urlmon

netapi32

psapi

Sections

.text Size: 408KB - Virtual size: 407KB

.rodata Size: 12KB - Virtual size: 10KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 12KB - Virtual size: 474KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 408KB - Virtual size: 407KB

.rodata
Size: 12KB - Virtual size: 10KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 12KB - Virtual size: 474KB

.rsrc
Size: 4KB - Virtual size: 1KB