gh0strat | 3ed4574b39f0c46d39ebf5a68f6a2fc6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ed4574b39f0c46d39ebf5a68f6a2fc6_JaffaCakes118
Size

164KB
MD5

3ed4574b39f0c46d39ebf5a68f6a2fc6
SHA1

6a0f8fe6db0f28a95ddc39d0ba0a9001d413bbec
SHA256

14a85da5172a94896f3e68da99a94136c78294f05c96f0a6f672cdb72368a8ba
SHA512

7d3ff0b5322ebd5a36a1dd2d856f1b805d6078a3c26177aec1e0ddc930c645702a8571c7ece2af0be2a6d9802d9fb0bff6c77a4d4a2d5aaf787210fed411a98e
SSDEEP

1536:HUUdNYGshEl0f0HlC5OlO403PHv0jbFj0Pc6UWfcLUprs4zMMSST7leFZB/jVC:xYBEl40s3vs0PtUAcLUu4zMMSSleFZfC

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ed4574b39f0c46d39ebf5a68f6a2fc6_JaffaCakes118

Files

3ed4574b39f0c46d39ebf5a68f6a2fc6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

063398a91efc30a803f9503aa6e77b95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
_beginthreadex
realloc
strncat
exit
_snprintf
_errno
atoi
sprintf
strncpy
strncmp
strrchr
_except_handler3
free
malloc
strchr
_CxxThrowException
memmove
strstr
??3@YAXPAX@Z
__CxxFrameHandler
_strrev
_strnset
_strnicmp
_strupr
_strcmpi
_ftol
ceil
??2@YAPAXI@Z

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

kernel32

GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
LocalFree
GetFileSize
CreateThread
GetProcAddress
LoadLibraryA

msvfw32

ICSendMessage

Exports

Exports

StartRouter

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

063398a91efc30a803f9503aa6e77b95

Headers

File Characteristics

Imports

msvcrt

msvcp60

kernel32

msvfw32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 12KB - Virtual size: 8KB