gh0strat | 3f33a8565fc32ffdb2b6de4b94aa9099_JaffaCakes118

General

Target

3f33a8565fc32ffdb2b6de4b94aa9099_JaffaCakes118
Size

122KB
MD5

3f33a8565fc32ffdb2b6de4b94aa9099
SHA1

385bb59d4698b94899626e05cc878d61913fbf19
SHA256

9f95c23a1836457e19b86363e421b20a900dadae53aadc72ccbceb87affef235
SHA512

4c8dc466dbde8efda1ce7c682bdfbefa4eb8fdd9c63e399d2461a6a386efe60e334eca26ef32654ca7b3dda8d4bac83d30bfeb584cb94012923463bce7eec744
SSDEEP

3072:CB1t2RuBGMp/rXnn9xhHPtuuS+UMioSwJ7eAJSHyIl:CB1t2RoGMp/rXn9XluR8SwJ7JJST

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f33a8565fc32ffdb2b6de4b94aa9099_JaffaCakes118

Files

3f33a8565fc32ffdb2b6de4b94aa9099_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5b677b061cd10cc7b15f0ffbe99c4167

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
SetFileAttributesA
CopyFileA
CreateDirectoryA
MoveFileA
GetTempPathA
Process32Next
Process32First
SetUnhandledExceptionFilter
CreateFileA
ReleaseMutex
CreateMutexA
GetCommandLineA
GetSystemDirectoryA
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
SetFilePointer
ReadFile
DeleteFileA
GetFileAttributesA
lstrcatA
GetLastError
SetLastError
lstrcmpiA
FreeLibrary
lstrcpyA
LoadResource
SetFileTime
SizeofResource
lstrlenA
CloseHandle
ExitProcess
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
Sleep

user32

wsprintfA
PostThreadMessageA
GetInputState
GetMessageA

advapi32

OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA

shell32

ShellExecuteA

msvcrt

_exit
_strrev
strtok
??2@YAPAXI@Z
strchr
realloc
malloc
__CxxFrameHandler
_CxxThrowException
_except_handler3
??3@YAXPAX@Z
fclose
fputs
fopen
strstr
??1type_info@@UAE@XZ
_strcmpi
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b677b061cd10cc7b15f0ffbe99c4167

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 9KB - Virtual size: 9KB

.rsrc Size: 112KB - Virtual size: 111KB

.text
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 112KB - Virtual size: 111KB