gh0strat | 2d6d2312f3d9fc85d610c68ee7327bb6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d6d2312f3d9fc85d610c68ee7327bb6_JaffaCakes118
Size

249KB
MD5

2d6d2312f3d9fc85d610c68ee7327bb6
SHA1

ed63eca5ab3250aba66519eae785424c723da8ba
SHA256

3bb8f63141b159852667cd38532dca5d34d77bfb062e7194e2b3a4dd02967f8f
SHA512

44ad9975b58cf0a3acc97c78d52a787f86b7625df8a3e3395687f07f61a06302f176bb30351046717af46bd0c875ccf95198e5891371dc90e49d0d7c278e404e
SSDEEP

3072:yWum+Cif0MvFx20TDX1s1U/1+45KyfnWyqSDpoiOqOFLwFkysiFJ5:ynm+VflvFxLX4UdXLfnQ6oB9FL6kUFJ5

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

2d6d2312f3d9fc85d610c68ee7327bb6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c78d9bb43e84fe4e6c31a9af658f5a51

Code Sign

ab:87:b2:75:dd:eb:7e:42:00:5f:5b:16:ed:57:d5:26:9a:b5:94:78
Signer

Actual PE Digest

ab:87:b2:75:dd:eb:7e:42:00:5f:5b:16:ed:57:d5:26:9a:b5:94:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalHandle
LeaveCriticalSection
GlobalLock
GlobalReAlloc
GlobalAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GetVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GetFileSize
FreeLibrary
GetProcessVersion
GlobalFlags
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapReAlloc
GetStartupInfoA
GetTimeZoneInformation
GetACP
HeapSize
TerminateProcess
VirtualFree
VirtualAlloc
IsBadWritePtr
GetEnvironmentVariableA
HeapDestroy
HeapCreate
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
HeapAlloc
HeapFree
GetCurrentThreadId
CreateThread
CreateDirectoryA
GetCommandLineA
CreateMutexA
ReleaseMutex
SetUnhandledExceptionFilter
GetVersionExA
GetWindowsDirectoryA
WinExec
GetModuleFileNameA
MultiByteToWideChar
GetFileAttributesA
SetFilePointer
ReadFile
lstrcatA
GetLastError
DeleteFileA
SetLastError
lstrcpyA
Sleep
FindResourceA
LoadResource
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SizeofResource
WriteFile
GetLocalTime
lstrlenA
GetModuleHandleA
ExitProcess
LoadLibraryA
GetProcAddress
CreateToolhelp32Snapshot
lstrcmpiA
GlobalGetAtomNameA
CloseHandle

shell32

SHGetFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

comctl32

ord17

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comdlg32

GetFileTitleA

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c78d9bb43e84fe4e6c31a9af658f5a51

Code Sign

ab:87:b2:75:dd:eb:7e:42:00:5f:5b:16:ed:57:d5:26:9a:b5:94:78Signer

Headers

File Characteristics

Imports

kernel32

shell32

ole32

comctl32

gdi32

winspool.drv

comdlg32

Sections

.text Size: 112KB - Virtual size: 111KB

.rsrc Size: 134KB - Virtual size: 134KB

ab:87:b2:75:dd:eb:7e:42:00:5f:5b:16:ed:57:d5:26:9a:b5:94:78
Signer

.text
Size: 112KB - Virtual size: 111KB

.rsrc
Size: 134KB - Virtual size: 134KB