gh0strat | 41e83d6d3e083f943f680b57349e00a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41e83d6d3e083f943f680b57349e00a4_JaffaCakes118
Size

75KB
MD5

41e83d6d3e083f943f680b57349e00a4
SHA1

e3d13dd3f2bbd6d23cea60fbd4e3e12b242d2001
SHA256

d9bcb676e3e5bdecacf4ea8d38e1d31b58a73b531c32e4426bed11e5bb2dea76
SHA512

b539d357649c52f33f21c999c67ffaa53eb65006f4a0c2ef40beb31937581ff8863b4bb63c510625a774b4ee742c6f0761ff4263d283dd9d3380308df321d663
SSDEEP

1536:pQAyLSTjnDlryWr4i/dXjEcpUbf7UqoP6NCyrcfhE:p2crCi9jEGUr7UqI6NCyrcfh

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41e83d6d3e083f943f680b57349e00a4_JaffaCakes118

Files

41e83d6d3e083f943f680b57349e00a4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fab12ad6afdb4d613e1e3e3e8ffd1a5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalMemoryStatus
GetVersionExA
Process32Next
CreateToolhelp32Snapshot
CloseHandle
WaitForSingleObject
ReleaseMutex
OpenEventA
Sleep
GetTickCount
lstrcpyA
SetUnhandledExceptionFilter
CreateMutexA
SetErrorMode
FreeConsole
GetFileAttributesA
GetSystemDirectoryA
FindNextFileA
FindFirstFileA
CreateEventA
ResetEvent
SetEvent
InterlockedExchange
CancelIo
DeleteFileA
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetLastError
SetLastError
CreateThread
MoveFileExA
MoveFileA
RemoveDirectoryA
lstrcatA
TerminateThread
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
FindClose
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
CreateDirectoryA
WriteFile
LocalAlloc
lstrcmpiA
GetCurrentThreadId
RaiseException

user32

OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
MessageBoxA
wsprintfA
OpenWindowStationA
GetProcessWindowStation
ExitWindowsEx
SetProcessWindowStation

msvcrt

strchr
??2@YAPAXI@Z
__CxxFrameHandler
wcstombs
strncpy
atoi
malloc
_CxxThrowException
strrchr
_except_handler3
printf
strncat
_beginthreadex
calloc
free
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
strstr
_ftol
ceil
memmove
??3@YAXPAX@Z
_strrev
_itoa
_stricmp
realloc
_strnicmp

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

Exports

Exports

ServiceMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fab12ad6afdb4d613e1e3e3e8ffd1a5f

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 7KB - Virtual size: 47KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 7KB - Virtual size: 47KB

.reloc
Size: 4KB - Virtual size: 3KB