gh0strat | 283ed78046ece162dd2a3d29dce98dd9_JaffaCakes118

General

Target

283ed78046ece162dd2a3d29dce98dd9_JaffaCakes118
Size

129KB
MD5

283ed78046ece162dd2a3d29dce98dd9
SHA1

6811d1996b4229acfe412839e030be1c4af256a0
SHA256

e1dc6247455d7b27f0ae23f58ed54fb0398bb468eb2d555794280dec1bbf7c78
SHA512

3f2a1f2b9d891d8509285accab5a0a34df1028f176ca5cb6a5fb5a881d69be0f8ba11506568a423a31ffd35513f3bef4c79803ecb3ee7fa021d3968c8496029f
SSDEEP

3072:FEIxpNh2EUOjMYF3JuiOzq5XtdUvydhSciVWadRAiN/:FTxpNhZUSBAlqJoihrSXnh/

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
283ed78046ece162dd2a3d29dce98dd9_JaffaCakes118

Files

283ed78046ece162dd2a3d29dce98dd9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6b178b8a0e0d77a293b51c17d9f022fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcpyA
GetEnvironmentVariableA
SetThreadPriority
ExitProcess
GetCurrentThreadId
GetStartupInfoA
CreateProcessA
Sleep
ResumeThread
GetTickCount
DeleteFileA
FindResourceExA
GetTempPathA
GetModuleFileNameA
LoadLibraryA
FindResourceA
LoadResource
LockResource
HeapFree
SizeofResource
CreateFileA
WriteFile
CloseHandle
FreeLibrary
GetSystemDirectoryA
MultiByteToWideChar
WideCharToMultiByte
lstrcatA
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleA
GetProcAddress
GetShortPathNameA

user32

GetMessageA
LoadStringA
PostThreadMessageA
GetInputState
wsprintfA

advapi32

InitializeAcl
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
AddAce
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityA
GetUserNameA

shell32

ShellExecuteA

msvcrt

_acmdln
_controlfp
__set_app_type
__p__fmode
_except_handler3
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode

netapi32

NetApiBufferFree
NetUserGetLocalGroups

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b178b8a0e0d77a293b51c17d9f022fc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

netapi32

Sections

.text Size: 6KB - Virtual size: 6KB

.rsrc Size: 121KB - Virtual size: 121KB

.text
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 121KB - Virtual size: 121KB