gh0strat | 35d0fbba67b03279f8b7ce99273e4dba_JaffaCakes118

General

Target

35d0fbba67b03279f8b7ce99273e4dba_JaffaCakes118
Size

168KB
MD5

35d0fbba67b03279f8b7ce99273e4dba
SHA1

a4d55b9364caa5a1efcd6f4e7113c096804d9c52
SHA256

6390e44f6f5ed7bd2d7b426274ceeecdcaf639440b1caba00a91fd56c37136bb
SHA512

a79bf3754a3e99f1c39cfddead1a0b4c429888fd36a43c422114da771577b730f16e6f71965e1e8d5338182eddee5d103ac38d9a75b4eb77d173bbe0e3d8c52c
SSDEEP

3072:wzybotSK6npE8jultIEb8nLTpdsU0c5VM02QJsmSDdLvrqW:w2Tn/qltIEA3pq34Vz2Qert

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35d0fbba67b03279f8b7ce99273e4dba_JaffaCakes118

Files

35d0fbba67b03279f8b7ce99273e4dba_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fe5b397cebe1186e121c3db227308239

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
ReleaseMutex
GetLastError
CreateMutexA
GetCommandLineA
lstrlenA
GetModuleHandleA
CreateThread
MoveFileA
FreeResource
WriteFile
LoadResource
FindResourceA
GetTickCount
GetTempPathA
lstrcatA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
GetFileAttributesA
DeleteFileA
CloseHandle
MoveFileExA
WinExec
Process32First
Process32Next
lstrcmpiA
LoadLibraryA
GetProcAddress
CreateFileA
SetFilePointer
ReadFile
GetStringTypeA
HeapReAlloc
HeapAlloc
RtlUnwind
GetStartupInfoA
GetVersion
ExitProcess
HeapFree
VirtualFree
VirtualAlloc
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetStringTypeW

user32

GetInputState
PostThreadMessageA
GetMessageA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
TranslateMessage
DispatchMessageA
DefWindowProcA
DestroyWindow
PostQuitMessage
wsprintfA
SendMessageA

advapi32

RegDeleteKeyA
ChangeServiceConfigA
StartServiceA
OpenSCManagerA
RegQueryValueExA
OpenServiceA
DeleteService
CreateServiceA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegCloseKey

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe5b397cebe1186e121c3db227308239

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 116KB - Virtual size: 113KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 116KB - Virtual size: 113KB