gh0strat | 22aac1c2624caf6578710ce49ba7b5a1_JaffaCakes118

General

Target

22aac1c2624caf6578710ce49ba7b5a1_JaffaCakes118
Size

368KB
MD5

22aac1c2624caf6578710ce49ba7b5a1
SHA1

737529097a5b04881b4f132ddeeaeda3f8e1b559
SHA256

193a8f29c0ef8a76bf48a54e2e52993c31c33ea5baefc36eea856363f0d9f501
SHA512

f1c77ee2e9053ee88cc443629f2932c4558c80fb125ced48a3476f18735d76389ff0a1431768580e08f3b45edd839e7d60f45355cc347d92902f7e6b11fa2419
SSDEEP

6144:GUkTh4I5gm/V7z1dpJZMSgqWoxEBIiLW0Crbd8FAldf2gUeO:CTh49knPpJqDqBxEX60CPwAlto

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22aac1c2624caf6578710ce49ba7b5a1_JaffaCakes118

Files

22aac1c2624caf6578710ce49ba7b5a1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9a695c93b3fc25e7bbab8c6fd7680717

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42d

ord1789
ord2661
ord4227
ord4229
ord2104
ord3366
ord3826
ord4239
ord4215
ord4408
ord2340
ord2481
ord2584
ord3691
ord2473
ord2585
ord2341
ord2432
ord2339
ord3143
ord3144
ord3142
ord2431
ord3367
ord3784
ord3657
ord2021
ord4130
ord4492
ord2986
ord528
ord728
ord706
ord593
ord590
ord1510
ord5086
ord2133
ord345
ord899
ord2291
ord684
ord734
ord3555
ord4258
ord4443
ord2636
ord341
ord880
ord4302
ord2295
ord492
ord2052
ord1041
ord1190
ord1033
ord3231
ord4415
ord1860
ord1880
ord3702
ord5077
ord3552
ord1285
ord3803
ord1100

msvcrtd

__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
_setmbcp
memcpy
memset
_adjust_fdiv

kernel32

GetProcAddress
DeleteFileA
WaitForSingleObject
CreateProcessA
GetTempPathA
GetModuleFileNameA
GetVersion
GetStartupInfoA
GetModuleHandleA

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a695c93b3fc25e7bbab8c6fd7680717

Headers

File Characteristics

Imports

mfc42d

msvcrtd

kernel32

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 848B

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 848B