gh0strat | 41a453c04107ede8098a6ba94b16e710_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41a453c04107ede8098a6ba94b16e710_JaffaCakes118
Size

692KB
MD5

41a453c04107ede8098a6ba94b16e710
SHA1

2d839c123b726af5ccfd60d8f13eb44dd86bb132
SHA256

8d0c7009f44664baa490d2f48c42ef7e4a82ed42843b6c4a0a57eabb79218c94
SHA512

d629f6775b825bb39f7f9f59a05a71e27f982b4bbbe4084560b682c6fef01b87e973ac526d3d15ff504bad1e315bccf467720124e3e1f43fd351a65414c259e4
SSDEEP

12288:r/qS+UGQKj93IklMCInCkZuY2Fu5O6D9bSYd5qNv29d:rCOMhiCInCksipbSYd5Yv2/

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41a453c04107ede8098a6ba94b16e710_JaffaCakes118

Files

41a453c04107ede8098a6ba94b16e710_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c193844cc3fb769b9a7c4c787b5b5506

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutClose
waveInClose
waveOutReset
waveOutUnprepareHeader
PlaySoundA
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInReset
waveInStop
waveInUnprepareHeader

kernel32

GetProfileStringA
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
TerminateProcess
ExitThread
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
lstrcpyA
LockResource
LoadResource
SizeofResource
FindResourceA
GetTickCount
GetFileAttributesA
GetDiskFreeSpaceExA
GetVolumeInformationA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
lstrlenA
GetLogicalDriveStringsA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
CreateFileA
WriteFile
SetFilePointer
DeleteFileA
ReadFile
RemoveDirectoryA
MoveFileA
GetLastError
CreateDirectoryA
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
ExitProcess
GetModuleFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
InitializeCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
EnterCriticalSection
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
CancelIo
DeleteCriticalSection
lstrcatA
GetSystemDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalSize
FreeLibrary
GetVersionExA
GetVersion
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
SetLastError
MulDiv
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
lstrcmpA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentThread
GetCurrentDirectoryA
GetTempFileNameA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
LocalFileTimeToFileTime
SystemTimeToFileTime
SetErrorMode

user32

GetScrollInfo
SetScrollRange
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
IsIconic
GetWindowPlacement
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
IsWindow
LoadBitmapA
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawTextA
GetMenuState
ShowScrollBar
DrawIconEx
IntersectRect
CheckMenuRadioItem
SetClassLongA
SetForegroundWindow
GetSystemMenu
AppendMenuA
CheckMenuItem
MessageBeep
GetSystemMetrics
DrawEdge
RedrawWindow
ReuseDDElParam
SystemParametersInfoA
CharNextA
DeleteMenu
EndDeferWindowPos
EnableMenuItem
GetCursorPos
GetFocus
MessageBoxA
wsprintfA
GetDlgCtrlID
SetWindowPos
IsWindowVisible
UpdateWindow
ScreenToClient
GetWindow
CopyIcon
PtInRect
KillTimer
GetKeyState
ReleaseCapture
SetCapture
SetTimer
SetRectEmpty
BeginDeferWindowPos
DeferWindowPos
EqualRect
AdjustWindowRectEx
SetFocus
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
DrawFrameControl
GetCursor
GetClassInfoA
DefWindowProcA
LoadCursorA
FrameRect
LoadMenuA
LoadImageA
GetIconInfo
GetDC
ReleaseDC
GetSysColor
FillRect
DrawStateA
OffsetRect
GetClientRect
CopyRect
InflateRect
DrawFocusRect
GetWindowRect
GetSubMenu
TrackPopupMenuEx
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
GetWindowLongA
DestroyIcon
DestroyCursor
DestroyMenu
SetRect
EnableWindow
SendMessageA
LoadIconA
GetMessageA
SetMenu
TranslateMessage
TranslateAcceleratorA
LoadAcceleratorsA
MapDialogRect
SetWindowContextHelpId
ValidateRect
ShowOwnedPopups
PostQuitMessage
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
SetMenuItemBitmaps
ModifyMenuA
GetMenuCheckMarkDimensions
wvsprintfA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
LoadStringA
PostThreadMessageA
SetParent
RegisterClipboardFormatA
LockWindowUpdate
GetDCEx
GetNextDlgGroupItem
CopyAcceleratorTableA
GetSysColorBrush
GetClassNameA
BringWindowToTop
GetMenuItemCount
UnpackDDElParam
IsZoomed
GetDesktopWindow
CharUpperA
DispatchMessageA
IsWindowUnicode
DefDlgProcA
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA

gdi32

GetTextExtentPointA
LPtoDP
GetBkColor
GetTextColor
CreateFontA
GetCharWidthA
GetTextMetricsA
GetTextExtentPoint32A
DPtoLP
CreateRectRgnIndirect
CombineRgn
SetRectRgn
PatBlt
GetMapMode
Escape
RectVisible
PtVisible
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
CreateRectRgn
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
GetClipBox
CreatePen
RoundRect
SetBkMode
TextOutA
CreateSolidBrush
ExtTextOutA
StretchDIBits
CreateDIBSection
StretchBlt
PtInRegion
CreateFontIndirectA
Rectangle
PlgBlt
FillRgn
CreatePolygonRgn
GetObjectA
GetPixel
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
DeleteObject
CreateDIBitmap

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegSetValueA

shell32

ShellExecuteExA
DragQueryFileA
DragFinish
Shell_NotifyIconA
ExtractIconA
ShellExecuteA
ord71
SHGetFileInfoA

comctl32

_TrackMouseEvent
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
CoGetClassObject
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen

shlwapi

SHAutoComplete

ws2_32

WSACloseEvent
ioctlsocket
WSASend
htons
connect
select
send
recv
WSACleanup
closesocket
getpeername
inet_ntoa
WSARecv
accept
WSAGetLastError
setsockopt
WSAIoctl
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAEventSelect
bind
listen
gethostname
WSAStartup
socket
gethostbyname

pdh

PdhOpenQueryA
PdhAddCounterA
PdhCloseQuery
PdhGetFormattedCounterValue
PdhCollectQueryData

avifil32

AVIStreamRelease
AVIFileRelease
AVIStreamWrite
AVIFileInit
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamSetFormat
AVIFileExit

msvfw32

DrawDibClose
ICDecompress
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
DrawDibDraw
DrawDibOpen

Sections

.text
Size: 372KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c193844cc3fb769b9a7c4c787b5b5506

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

shlwapi

ws2_32

pdh

avifil32

msvfw32

Sections

.text Size: 372KB - Virtual size: 370KB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 28KB - Virtual size: 43KB

.rsrc Size: 204KB - Virtual size: 202KB

.text
Size: 372KB - Virtual size: 370KB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 28KB - Virtual size: 43KB

.rsrc
Size: 204KB - Virtual size: 202KB