gh0strat | 4296589b730e780c260a6ba483fa1c22_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4296589b730e780c260a6ba483fa1c22_JaffaCakes118
Size

113KB
MD5

4296589b730e780c260a6ba483fa1c22
SHA1

08d5c487eef3e4a67d7036197da22cab852fcd58
SHA256

0b05b3262a230de31f6ee04003da58bb327ca08689c23b7071c5143c9ce7c510
SHA512

1a9cfce99281da51e9056f6503edf6f0c373d4e17e3ddcd8bb6802d928edcdb682f4ed98b0d594f594613710ac626fa4650fbb72eadb1fc6f2cb3ac0c7aaf442
SSDEEP

1536:NKT0W80SiDNG8YImTw24cKau2f9d0Gv5+NkXP+mHz7JhMt:LW/Si7YIV24Wug9d0y+aXP+mHz7JhQ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4296589b730e780c260a6ba483fa1c22_JaffaCakes118

Files

4296589b730e780c260a6ba483fa1c22_JaffaCakes118
.dll windows:4 windows x86 arch:x86

908083373c14ff9a7d66f30e43f9d08e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_wcsnicmp
wcschr
_snprintf
_errno
sprintf
strncpy
strncmp
wcstombs
fputs
wcsncpy
wcslen
wcsrchr
_except_handler3
free
_wcsupr
wcsstr
_strnicmp
fclose
fgets
mbstowcs
wcscpy
strchr
atoi
malloc
realloc
_CxxThrowException
strstr
_ftol
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
wcscat
wcsncat
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
fopen

user32

OpenWindowStationW
GetProcessWindowStation
CharNextW
MessageBoxW
LoadCursorW
DestroyCursor
MapVirtualKeyW
SetRect
GetSystemMetrics
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
DispatchMessageW
TranslateMessage
GetCursorPos
MoveWindow
GetWindowRect
ShowWindow
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationW
GetThreadDesktop
OpenDesktopW
CreateWindowExW
CloseWindow
SendMessageW
IsWindow
SetProcessWindowStation
wsprintfW
GetMessageW

winmm

waveInOpen
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveInGetNumDevs
waveInStop

ws2_32

WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
ntohs
recv
closesocket
select
send
gethostname
WSASocketW
ioctlsocket
__WSAFDIsSet
recvfrom
sendto
listen
accept
getpeername
bind
inet_addr
getsockname
inet_ntoa
WSAStartup

msvfw32

ICClose
ICSeqCompressFrameStart
ICSeqCompressFrameEnd
ICCompressorFree
ICSeqCompressFrame
ICOpen
ICSendMessage

msvcp60

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z

kernel32

GetModuleHandleA
CreateEventW
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
VirtualFree
VirtualAlloc
ResetEvent
CancelIo
lstrlenW
MultiByteToWideChar
OutputDebugStringW
lstrcpyW
GetVersionExW
DeleteFileA
GetFileSize
lstrcatW
SetErrorMode
SetUnhandledExceptionFilter
GetTickCount
ExitProcess
Sleep
FreeConsole
SetFileAttributesW
GetProcAddress
LoadLibraryW
LocalFree
lstrcmpW
LocalReAlloc
LocalAlloc
GetLocalTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalSize
GetCurrentProcess
lstrcmpiW

Exports

Exports

BeginProc
EndProc
RunProc
ServiceMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

908083373c14ff9a7d66f30e43f9d08e

Headers

File Characteristics

Imports

msvcrt

user32

winmm

ws2_32

msvfw32

msvcp60

kernel32

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 13KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 13KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB