Behavioral task: behavioral1
Sample: 3f3e0a9dcb9513eaf206b603aea3a3a4_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 3f3e0a9dcb9513eaf206b603aea3a3a4_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3f3e0a9dcb9513eaf206b603aea3a3a4_JaffaCakes118
Size: 470KB
MD5: 3f3e0a9dcb9513eaf206b603aea3a3a4
SHA1: 54507607ac197b4d177b298f90acc4b40850b32c
SHA256: 8333fad82056f3ccfbc6843965d04677f278b846d58755c2ab901c238b952080
SHA512: 32877c8d17afb83a5a509f094188d652d2513a0a3172e49df1112f560947422cc3e5865c0e3ccaf4688802c44ab5a8cd280545d32239d00c7f34bd44a6c0b7a4
SSDEEP: 6144:E4IEvvrOZIEcksjDUgyeyYCB6pb/RmhRTRk6PCy5TRk6PCySAHVWwus4G7O/DriW:KEb9EckkUYC0p/YhJJtxJttHVvumwriW
Malware Config
Signatures
Gh0st RAT payload (1 IoCs)
resource    yara_rule
sample      family_gh0strat
Gh0strat family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource
3f3e0a9dcb9513eaf206b603aea3a3a4_JaffaCakes118
Files
3f3e0a9dcb9513eaf206b603aea3a3a4_JaffaCakes118.exe windows:4 windows x86 arch:x86
eb2918dd7d32fc62954739599d78e4b2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
SetEvent
InterlockedExchange
CancelIo
Sleep
FreeLibrary
GetTickCount
GetTempPathA
WriteFile
SetFilePointer
CreateFileA
WritePrivateProfileStringA
TerminateThread
OutputDebugStringA
GetCurrentProcess
SetFileAttributesA
GetModuleFileNameA
DeleteFileA
CreateProcessA
GetProcAddress
LoadLibraryA
GetPrivateProfileStringA
GetVersionExA
GetSystemDefaultUILanguage
ReleaseMutex
OpenEventA
SetErrorMode
GetLastError
CreateMutexA
SetUnhandledExceptionFilter
SetThreadPriority
CreateThread
RtlUnwind
RaiseException
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
TlsAlloc
SetLastError
HeapReAlloc
HeapSize
UnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers
LocalAlloc
Sections
PAGE Size: 1024B - Virtual size: 944B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE1 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 629KB - Virtual size: 632KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ