gh0strat | 32ca43472fc215606608446f0608994b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

32ca43472fc215606608446f0608994b_JaffaCakes118
Size

153KB
MD5

32ca43472fc215606608446f0608994b
SHA1

7601ddfa1bcec22287ad76ddad371ad5ae4c5460
SHA256

d7723c9c73b75e2d24c1427102a824bd3b86d6964c4be7815e9d7fe9e3a35409
SHA512

7e6af5cedcef15771aa854296dd27e6fa11647b81c793208f165feef38bf2b6c344e66fc545fedb29d7b3de8ab652f52cd1e7f6c17eeb9bb74d2a70456949a3a
SSDEEP

3072:WZyh+jEmbGeUhsbLKua8mkFAf4L89TBftRVvQIQU3Pm6:CyADbGrsbLzmUA489TBlRVvQIQ6

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32ca43472fc215606608446f0608994b_JaffaCakes118

Files

32ca43472fc215606608446f0608994b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8184d69f0864d4631ed985e05c3eca7c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
lstrcatA
GetModuleFileNameA
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
GetModuleHandleA
VirtualQuery
IsBadWritePtr
InterlockedExchange
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetProcAddress
GetSystemDirectoryA
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
lstrcmpA
lstrcmpiA
GetTickCount
VirtualProtect
lstrcpyA
MultiByteToWideChar
lstrlenA
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetLastError
ExpandEnvironmentStringsA
Sleep
LocalReAlloc
LocalAlloc
GetVersionExA
WideCharToMultiByte
GetTempFileNameA
ExitProcess
GetExitCodeProcess
LocalSize
HeapFree
HeapAlloc
GetProcessHeap
GetSystemInfo
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
DeleteFileA
RemoveDirectoryA
ExitThread
IsBadReadPtr
IsBadStringPtrW
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
InitializeCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
RaiseException
LocalFree
CloseHandle
LoadLibraryA

user32

GetClassNameA
GetWindow
CloseWindowStation
MessageBoxA
GetCursorInfo
DestroyCursor
LoadCursorA
DestroyWindow
CreateWindowExA
wsprintfA
GetWindowRect
wvsprintfA
ShowWindow

advapi32

RegOpenKeyExW

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_memicmp
_strupr
_strlwr
_wcsicmp
strncat
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
strchr
wcsrchr
realloc
malloc
strstr
free
srand
rand
_ftol
_except_handler3
strrchr
_beginthreadex
wcslen
strncpy
atoi
wcstombs
_CxxThrowException
memmove
ceil

Exports

Exports

DhcpAcquireParameters
DhcpAcquireParametersByBroadcast
DhcpCApiCleanup
DhcpCApiInitialize
DhcpDeRegisterOptions
DhcpDeRegisterParamChange
DhcpDelPersistentRequestParams
DhcpEnumClasses
DhcpFallbackRefreshParams
DhcpHandlePnPEvent
DhcpLeaseIpAddress
DhcpLeaseIpAddressEx
DhcpNotifyConfigChange
DhcpNotifyConfigChangeEx
DhcpNotifyMediaReconnected
DhcpOpenGlobalEvent
DhcpPersistentRequestParams
DhcpRegisterOptions
DhcpRegisterParamChange
DhcpReleaseIpAddressLease
DhcpReleaseIpAddressLeaseEx
DhcpReleaseParameters
DhcpRemoveDNSRegistrations
DhcpRenewIpAddressLease
DhcpRenewIpAddressLeaseEx
DhcpRequestOptions
DhcpRequestParams
DhcpStaticRefreshParams
DhcpUndoRequestParams
McastApiCleanup
McastApiStartup
McastEnumerateScopes
McastGenUID
McastReleaseAddress
McastRenewAddress
McastRequestAddress
ServiceMain

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8184d69f0864d4631ed985e05c3eca7c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB