gh0strat | 32bd768ba741f430d40fb81e1ac3d842_JaffaCakes118

General

Target

32bd768ba741f430d40fb81e1ac3d842_JaffaCakes118
Size

119KB
MD5

32bd768ba741f430d40fb81e1ac3d842
SHA1

97b08bc8d5af8a2f212ea747fe603d3387be1abd
SHA256

396c7b88f6846f707bf7249cf962c4090276343c2955e558cfe5de5484c9e404
SHA512

9b4bbd35709dc420948ed4f108e0e6a33bb8ae619cef9e555f029ad3b5b3e6a72c1cc22db619c0679df3d0eb1280192b50b276db8eabde788e84e6216966537b
SSDEEP

3072:U3ZjDgkxjtyGanfxdrIcajwJawQBTw+flLkOPXZfS8:CZjDPxjtHaZdrnrJDKw+dYOJfS8

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32bd768ba741f430d40fb81e1ac3d842_JaffaCakes118

Files

32bd768ba741f430d40fb81e1ac3d842_JaffaCakes118
.exe windows:4 windows x86 arch:x86

114711e2729957529a5838f8095bb078

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetSystemDirectoryA
ReadFile
SetFilePointer
GetModuleFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
LockResource
SetLastError
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
lstrcmpiA
lstrcpyA
GetTempPathA
GetTickCount
FindResourceA
LoadResource
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SizeofResource
WriteFile
lstrlenA
CloseHandle
FreeResource
MoveFileA
DeleteFileA
ExitProcess
lstrcatA
SetUnhandledExceptionFilter

user32

GetInputState
GetMessageA
wsprintfA
PostThreadMessageA

advapi32

CreateServiceA
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
StartServiceA
OpenServiceA
OpenSCManagerA

shell32

ShellExecuteA

msvcrt

??1type_info@@UAE@XZ
_controlfp
realloc
malloc
_except_handler3
strchr
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
fclose
fwrite
fopen
strstr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

114711e2729957529a5838f8095bb078

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 7KB - Virtual size: 7KB

.rsrc Size: 111KB - Virtual size: 110KB

.text
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 111KB - Virtual size: 110KB