gh0strat | 35e0e7b5bb73a5be41be6186378bef1b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

35e0e7b5bb73a5be41be6186378bef1b_JaffaCakes118
Size

136KB
MD5

35e0e7b5bb73a5be41be6186378bef1b
SHA1

c4b38588c2895ec4718786d7771fbf39254b4787
SHA256

132927e11046805e5773092a6586453b26bf61f4643efa157b43a03e820d506f
SHA512

9095ac66e8f841a29bf7465d4e3b8e46f8b3b3d24742893afb50ba92ab635d5e206e1bd0b965bc58d4364c82b0437bd9e184e735634018e67f1a7b7b78b6922b
SSDEEP

3072:Ym3yaa+4h0ace2/p6EJFS/qc5GDhfTBftBZWNVVivk:YSa+s0acH/pFC35GFfTBlBZWN

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35e0e7b5bb73a5be41be6186378bef1b_JaffaCakes118

Files

35e0e7b5bb73a5be41be6186378bef1b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d84842c4f1f8acd7e9331bfbc213496a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocString
SysFreeString
SysStringLen

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoUninitialize

gdi32

SelectObject
CreateCompatibleBitmap
GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection

kernel32

GetTempFileNameA
LocalSize
CreateMutexA
Process32Next
Process32First
AllocConsole
CloseHandle
WaitForSingleObject
InterlockedExchange
SetEvent
Sleep
ResetEvent
lstrcatA
GetSystemDirectoryA
FreeLibrary
CreateEventA
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetCommandLineA
DeleteFileA
GetLastError
WinExec
Thread32Next
TerminateThread
VirtualQuery
OpenThread
Thread32First
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
CreateToolhelp32Snapshot
HeapFree
GetProcessHeap
CreateFileA
HeapAlloc
MoveFileExA
lstrlenA
GetShortPathNameA
ReadFile
VirtualAlloc
GetFileSize
WriteFile
SetFileAttributesA
RemoveDirectoryA
GetFileAttributesExA
lstrcmpA
lstrcmpiA
VirtualProtect
GetConsoleTitleA
GetConsoleWindow
CreateDirectoryA
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCurrentProcess
TerminateProcess
GetLongPathNameA
OpenProcess
GetModuleFileNameA
ExpandEnvironmentStringsA
SetFileTime
GetFileTime
GetFileAttributesA
WideCharToMultiByte
GetLogicalDriveStringsA
CreateThread
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
LocalFree
FindClose
FindNextFileA
LocalReAlloc
LocalAlloc
FindFirstFileA
SetFilePointer
MoveFileA
GetConsoleOutputCP
SetConsoleCtrlHandler
ExitProcess
SetConsoleWindowInfo
SetConsoleScreenBufferSize
GetStartupInfoA
GetStdHandle
RaiseException
CopyFileA
FillConsoleOutputCharacterA
FreeConsole
WriteConsoleInputA
GenerateConsoleCtrlEvent
ReadConsoleOutputA
SetConsoleOutputCP
GetConsoleScreenBufferInfo
LoadLibraryA
DeviceIoControl
GetVersionExA
GetSystemInfo
GetProcessTimes
GlobalMemoryStatusEx
WaitForMultipleObjects
VirtualFree
SetErrorMode
ExitThread
OpenEventA
FreeLibraryAndExitThread
IsBadReadPtr
IsBadStringPtrW
Module32Next
Module32First
InitializeCriticalSection
DeleteCriticalSection

ws2_32

gethostname
getsockname
WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
htons
socket
gethostbyname
recv
closesocket
send
ntohs
select

msvcrt

_initterm
_adjust_fdiv
??2@YAPAXI@Z
__CxxFrameHandler
wcsrchr
??1type_info@@UAE@XZ
_memicmp
_strupr
_stricmp
_strlwr
_wcsicmp
_beginthreadex
atol
strncat
ceil
wcstombs
atoi
_CxxThrowException
wcslen
strncpy
_ftol
time
srand
rand
realloc
memmove
strrchr
malloc
free
strstr
strchr
_except_handler3
??3@YAXPAX@Z

Exports

Exports

CheckFullscreen
D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
DebugSetLevel
DebugSetMute
Direct3DCreate9
Direct3DShaderValidatorCreate9

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d84842c4f1f8acd7e9331bfbc213496a

Headers

File Characteristics

Imports

oleaut32

ole32

gdi32

kernel32

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB