gh0strat | 25142b71123707ab794909dcc6ae13ac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25142b71123707ab794909dcc6ae13ac_JaffaCakes118
Size

60KB
MD5

25142b71123707ab794909dcc6ae13ac
SHA1

5be8a041bd34d9955a49e35a100c8c5aa2d59edc
SHA256

91754c9b1a813081e5bb0c1e4d67fe260a36a35b809910ff571c35f2872686cb
SHA512

181b40870f4be53e98f37818c5c10942ca66f56942ec6dac56208d84ddbfe5b356f77b3f50a61d3095d438fc64599feae41679cac595295b378523f219c0bdee
SSDEEP

768:h26dLxPFc7Fwl9h3ZMmZKEQjAGciVLhA+A6Pfnj8q0yOpqmpG0LV:h269c74PyEacz+xfnYq0JpG0LV

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25142b71123707ab794909dcc6ae13ac_JaffaCakes118

Files

25142b71123707ab794909dcc6ae13ac_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bec83b86e5079d7bb5f96de2f285f83f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
GetCurrentThreadId
RaiseException
HeapAlloc
CreateFileMappingA
HeapFree
GetProcessHeap
GetTickCount
SetLastError
GetModuleFileNameA
SetFilePointer
ReadFile
CreateFileA
LocalAlloc
DeleteFileA
GetLastError
GetVersionExA
FreeLibrary
lstrcatA
lstrlenA
Sleep
CancelIo
InterlockedExchange
lstrcpyA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
CreateEventA
VirtualFree
DeleteCriticalSection
SetEvent
WaitForSingleObject
LoadLibraryA
GetProcAddress
CloseHandle
OpenEventA

user32

SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
CreateWindowExA
LoadMenuA
RegisterClassA
LoadCursorA
wsprintfA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
LoadIconA
CloseDesktop
SetThreadDesktop

gdi32

GetStockObject

advapi32

RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA

msvcrt

_strnicmp
_strrev
??1type_info@@UAE@XZ
calloc
_beginthreadex
wcstombs
realloc
strncat
atoi
strncpy
_except_handler3
free
malloc
strchr
_CxxThrowException
strstr
_ftol
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z

ws2_32

gethostname
getsockname
send
closesocket
recv
ntohs
socket
gethostbyname
htons
connect
WSACleanup
WSAIoctl
setsockopt
select

Exports

Exports

ServiceMain

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bec83b86e5079d7bb5f96de2f285f83f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 51KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 51KB - Virtual size: 51KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB