Behavioral task: behavioral1
Sample: 40a4fef33c135fc7acef74385824439b_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 40a4fef33c135fc7acef74385824439b_JaffaCakes118.exe
Resource: win10v2004-20240709-en

General
Target: 40a4fef33c135fc7acef74385824439b_JaffaCakes118
Size: 120KB
MD5: 40a4fef33c135fc7acef74385824439b
SHA1: 73896f23dc4381572508563fd8680211bd58b1cf
SHA256: c360c80c50127401c4f6485a0a23c416160dd39b16b3ef4e703fbfd29ae69a72
SHA512: e043c0b1e0b2a06b0c6ae6af58af1a1e6dfbecf4b3ea2953a22305dd18bb99ab5897c087c4dffc4e3a3cfec680a8da567b3341aaf141092ef1085a72d48d12d9
SSDEEP: 3072:ctyNacYdIUpjkAToeF4uJj9rQeQt1efJwTJAQafwRn2y:caYdIUpYRE/JprqrGw1lKwb
Malware Config

Signatures
Gh0st RAT payload (1 IoCs)
resource: sample, yara_rule: family_gh0strat
Gh0strat family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 40a4fef33c135fc7acef74385824439b_JaffaCakes118

Files
40a4fef33c135fc7acef74385824439b_JaffaCakes118.exe windows:4 windows x86 arch:x86
d08ff0e67d574cf6ac90926c721c5cba
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTickCount
GetTempPathA
GetWindowsDirectoryA
SetUnhandledExceptionFilter
ReleaseMutex
MoveFileA
GetCommandLineA
GetCurrentThreadId
GlobalMemoryStatus
GetStartupInfoA
SetFilePointer
ReadFile
WinExec
Sleep
CreateThread
GetModuleFileNameA
lstrcpyA
FindResourceA
LoadResource
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
WriteFile
lstrlenA
HeapFree
FreeResource
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
lstrcmpiA
ExitProcess
lstrcatA
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleA
LoadLibraryA
GetProcAddress
CreateMutexA
user32
GetMessageA
UpdateWindow
ShowWindow
TranslateMessage
RegisterClassExA
LoadCursorA
LoadIconA
PostThreadMessageA
DispatchMessageA
CreateWindowExA
DefWindowProcA
wsprintfA
GetInputState
advapi32
EqualSid
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetFileSecurityA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegOpenKeyA
StartServiceA
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
RegDeleteKeyA
msvcrt
??1type_info@@UAE@XZ
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_except_handler3
realloc
malloc
strchr
??2@YAPAXI@Z
__CxxFrameHandler
??3@YAXPAX@Z
strstr
_strcmpi
_exit
_XcptFilter
exit
_acmdln
netapi32
NetApiBufferFree
NetUserGetLocalGroups
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ