gh0strat | 3870565f45546483af2badbbe200d8d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3870565f45546483af2badbbe200d8d1_JaffaCakes118
Size

152KB
MD5

3870565f45546483af2badbbe200d8d1
SHA1

8282f80bd975ca50a71a1fdf7ee194a92f923d19
SHA256

bcff3458cb35c142b1d3437e53ac29bfcd11313364b12d6bca2cb927714313af
SHA512

13768a2f945f45057384a96b92efeb3ad8600123034296cdcff1b4cc3dbc3ca7c2d54239352c9700e6feda0f6d821a5e6c902322733e156d764c51df7238a580
SSDEEP

3072:X+q8VYvlpTw0/aCnWkMFa8Prc8lTBfttrTsar5rMs5h7V:X+XGfraCrr8lTBltrTsa1os

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3870565f45546483af2badbbe200d8d1_JaffaCakes118

Files

3870565f45546483af2badbbe200d8d1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ba86cad0ad9f1c34ad8fc79e619e4444

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
Sleep
GetTickCount
lstrlenA
lstrcatA
GetLocalTime
GlobalUnlock
GlobalLock
GlobalSize
HeapFree
GetProcessHeap
MapViewOfFile
GetLastError
CreateFileMappingA
HeapAlloc
lstrcpyA
LocalFree
LocalAlloc
InterlockedExchange
GlobalFree
GlobalAlloc
VirtualQuery
ExitProcess
GetSystemDirectoryA
WideCharToMultiByte
GetModuleFileNameA
SetUnhandledExceptionFilter
FormatMessageA
GetModuleHandleA
IsBadWritePtr
InitializeCriticalSection
LeaveCriticalSection
LocalSize
LocalReAlloc
MultiByteToWideChar
FreeLibrary
GetProcAddress
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetVersionExA
lstrcmpiA
ExpandEnvironmentStringsA
GetCurrentThreadId
GetTempFileNameA
VirtualFree
VirtualAlloc
GetCurrentProcessId
GetShortPathNameA
GetFileAttributesExA
SetEnvironmentVariableA
GetTempPathA
GetCurrentProcess
GetLongPathNameA
GetSystemInfo
GetProcessTimes
GlobalMemoryStatusEx
DeleteFileA
RemoveDirectoryA
ExitThread
IsBadReadPtr
IsBadStringPtrW
RaiseException
LoadLibraryA

user32

CloseWindowStation
GetCursorInfo
DestroyCursor
LoadCursorA
EnableWindow
ShowWindow
GetWindow
GetClassNameA
MessageBoxA
wvsprintfA
DestroyWindow
wsprintfA
CreateWindowExA

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_strupr
_stricmp
_strlwr
_wcsicmp
_memicmp
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
_except_handler3
wcslen
strncpy
_CxxThrowException
_ftol
strchr
strncat
strrchr
malloc
strstr
wcsrchr
memmove
ceil
realloc
rand
srand
atoi
wcstombs
free
_beginthreadex

Exports

Exports

D3DRMColorGetAlpha
D3DRMColorGetBlue
D3DRMColorGetGreen
D3DRMColorGetRed
D3DRMCreateColorRGB
D3DRMCreateColorRGBA
D3DRMMatrixFromQuaternion
D3DRMQuaternionFromRotation
D3DRMQuaternionMultiply
D3DRMQuaternionSlerp
D3DRMVectorAdd
D3DRMVectorCrossProduct
D3DRMVectorDotProduct
D3DRMVectorModulus
D3DRMVectorNormalize
D3DRMVectorRandom
D3DRMVectorReflect
D3DRMVectorRotate
D3DRMVectorScale
D3DRMVectorSubtract
Direct3DRMCreate

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba86cad0ad9f1c34ad8fc79e619e4444

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 294B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 294B

.reloc
Size: 8KB - Virtual size: 7KB