gh0strat | 3a4e9895f8c3a4182063d829f028eff4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3a4e9895f8c3a4182063d829f028eff4_JaffaCakes118
Size

672KB
MD5

3a4e9895f8c3a4182063d829f028eff4
SHA1

9aac5d937681177af868df0d772206e439eddaf8
SHA256

34fbf4301ad670366812e984aa04740ca67720913e3ef9d98ab7fba802edae49
SHA512

d5f2791e8afec1d839972c7bc6ec2a67c0b436ee707b8ac962aea14bbc7a2378cdf382131d9be5cf8fe3748ab778f364d437ab7683ec670d8273d65d9cf6f131
SSDEEP

12288:xidl4blT3O/T3gwmLcATGh4jidl4blT3O/T3gwmLcATGh4fO/T3gwmLcATGh4z:xidlGIT3gwmQAyhaidlGIT3gwmQAyhAh

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a4e9895f8c3a4182063d829f028eff4_JaffaCakes118

Files

3a4e9895f8c3a4182063d829f028eff4_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f8f487b4ee0785d90fcb0900d65e30b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysStringLen
SysAllocString

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
GetDIBits
BitBlt
SelectObject
CreateDIBSection
DeleteObject
DeleteDC

kernel32

Module32First
OpenProcess
Module32Next
CreateEventA
SetEvent
CloseHandle
lstrlenA
WideCharToMultiByte
WaitForSingleObject
GetLastError
Sleep
lstrcmpiA
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
TerminateThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
GetLogicalDriveStringsA
DeleteFileA
ExpandEnvironmentStringsA
SetFileTime
CreateFileA
CreateDirectoryA
GetFileAttributesA
MoveFileExA
CreateProcessA
lstrcatA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
LocalFree
FindClose
FindNextFileA
LocalReAlloc
LocalAlloc
FindFirstFileA
RemoveDirectoryA
GetFileSize
ReadFile
SetFilePointer
WriteFile
MoveFileA
ResetEvent
GetSystemDirectoryA
FreeLibrary
CreateMutexA
WaitForMultipleObjects
GetConsoleOutputCP
SetConsoleCtrlHandler
ExitProcess
SetConsoleWindowInfo
SetConsoleScreenBufferSize
GetStartupInfoA
GetStdHandle
AllocConsole
CopyFileA
TerminateProcess
FillConsoleOutputCharacterA
FreeConsole
WriteConsoleInputA
GenerateConsoleCtrlEvent
ReadConsoleOutputA
SetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCommandLineA
WinExec
Thread32Next
VirtualQuery
OpenThread
Thread32First
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
CreateToolhelp32Snapshot
HeapFree
GetProcessHeap
HeapAlloc
GetShortPathNameA
SetEndOfFile
SetFileAttributesA
GetFileAttributesExA
lstrcmpA
IsBadStringPtrW
VirtualProtect
GetConsoleTitleA
GetConsoleWindow
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCurrentProcess
GetLongPathNameA
GetModuleFileNameA
GetFileTime
GetTempFileNameA
LocalSize
GetLocalTime
Process32Next
Process32First
LoadLibraryA
DeviceIoControl
GetVersionExA
GetSystemInfo
GetProcessTimes
GlobalMemoryStatusEx
SetErrorMode
ExitThread
OpenEventA
FreeLibraryAndExitThread
IsBadReadPtr
RaiseException

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance

msvcrt

_strlwr
_stricmp
_strupr
_wcsicmp
_memicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
strncpy
wcslen
__CxxFrameHandler
free
malloc
_CxxThrowException
memmove
ceil
_ftol
strstr
_except_handler3
strrchr
wcsrchr
strchr
rand
realloc
srand
time
atol
strncat
atoi
wcstombs
_beginthreadex
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ

ws2_32

WSAStartup
WSAIoctl
setsockopt
connect
htons
socket
gethostbyname
gethostname
recv
select
closesocket
send
ntohs
getsockname
WSACleanup

Exports

Exports

CLSID_CfgComp
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IID_ICfgComp

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8f487b4ee0785d90fcb0900d65e30b6

Headers

File Characteristics

Imports

oleaut32

gdi32

kernel32

ole32

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB