gh0strat | 26f75fa9c101b865fd5e5e91160278ad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26f75fa9c101b865fd5e5e91160278ad_JaffaCakes118
Size

9.4MB
MD5

26f75fa9c101b865fd5e5e91160278ad
SHA1

66143f093564f3e3f6aa9844aed51ec93eef73de
SHA256

5f4aae363a81b357a3a8bdbf8b0a34dac5c7ea09de408d891f58ba11ff9a6898
SHA512

5efca44e63dbfc0c1d97f27613db0a41e36f931c98c87d157000a6e2c089c1608a248a4fd9ec8d614ef619b6439f3a4bdd05bb88abe2655508629a227ce46e8d
SSDEEP

196608:ebb56T0+4nSkVG19Z8vtBarK4oN0T14Hi5Jcn10H0ThF9dQ5KIJrOLsr0lN/TW3v:H0rnfVu9Z8vnarKxMkSJU10H0tF9dQ6u

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26f75fa9c101b865fd5e5e91160278ad_JaffaCakes118

Files

26f75fa9c101b865fd5e5e91160278ad_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fb92bf4ad39d8b5c97ec6fd4e43764a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
CloseHandle
GetProcAddress
LoadLibraryA
ResumeThread
WaitForSingleObject
SetEvent
DeleteCriticalSection
EnterCriticalSection
ResetEvent
lstrcpyA
InterlockedExchange
CancelIo
Sleep
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
lstrlenA
CreateProcessA
lstrcatA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
GetTickCount
GetModuleFileNameA
SetLastError
Beep
GetVersionExA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
FreeLibrary
OpenProcess
CreateThread
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetLocalTime
WinExec
LocalSize
GlobalFree
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalSize
GetSystemDirectoryA
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
TerminateThread
PeekNamedPipe
WaitForMultipleObjects
OutputDebugStringA
DeviceIoControl
GlobalMemoryStatus
GetSystemInfo
ReleaseMutex
OpenEventA
SetErrorMode
FreeConsole
Process32First
lstrcmpiA
Process32Next
GetCurrentThreadId
RaiseException

msvcrt

fclose
fseek
fwrite
fopen
strncpy
rename
atoi
strncmp
strchr
_errno
wcscpy
strrchr
_mbsupr
strncat
realloc
wcstombs
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_except_handler3
malloc
free
_CxxThrowException
strstr
_ftol
ceil
memmove
__CxxFrameHandler
_mbsstr
??3@YAXPAX@Z
_strnicmp
_strnset
??2@YAPAXI@Z
_strcmpi

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvfw32

ICSeqCompressFrame

Exports

Exports

ChenAiMain
PangolinMain
XinuecomMain
lch
xjm

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb92bf4ad39d8b5c97ec6fd4e43764a4

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

msvfw32

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 90KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB