gh0strat | 44a168f9a8d76d319d6098727e28d787_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44a168f9a8d76d319d6098727e28d787_JaffaCakes118
Size

114KB
MD5

44a168f9a8d76d319d6098727e28d787
SHA1

30a9f5de2b313b09b190cee0130f079dd5a4f117
SHA256

e0487b2d84fd405dbc7bfbfe254e087b9241b75fa09a815ff6074da6d938957c
SHA512

a38e181f3180fe491e63ed07dc7776cf01fa82e0885440d52acd04844137fa48e965f20760bded66e165382c2254a22f8b401ef8c334a3255d2b38fce0d13240
SSDEEP

3072:+o9EoX2qySFQjBMb1Z354VLC296UFKVztEWr:+o9EoX2mFGa3ak2oDVztEWr

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44a168f9a8d76d319d6098727e28d787_JaffaCakes118

Files

44a168f9a8d76d319d6098727e28d787_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a03ab26dd06dd3627d64f336fe022f3b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord1146
ord1168
ord5065
ord4234
ord6215
ord6380
ord6197
ord4710
ord2379
ord755
ord470
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord4998
ord1576
ord4853
ord4376
ord5265
ord823
ord2514
ord641
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord324
ord4673

msvcrt

_controlfp
_setmbcp
__CxxFrameHandler
realloc
malloc
_except_handler3
strchr
strstr
exit
_stricmp
_CxxThrowException
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__setusermatherr

kernel32

CopyFileA
Sleep
CreateThread
GetCommandLineA
CreateMutexA
GetLastError
ReleaseMutex
CloseHandle
lstrcpyA
lstrlenA
GetModuleHandleA
GetModuleFileNameA
WinExec
lstrcatA
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentDirectoryA
GetProcAddress
LoadLibraryA
lstrcmpiA
SetLastError
DeleteFileA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
WriteFile
CreateFileA
GlobalFree
LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
FreeLibrary
Process32Next
Process32First
SetUnhandledExceptionFilter
GetStartupInfoA

user32

GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
RedrawWindow
SetCursorPos
mouse_event
GetWindowLongA
SetWindowLongA
IsIconic
PostThreadMessageA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
EnableWindow
GetInputState
wsprintfA
DefWindowProcA

advapi32

StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenServiceA

shell32

SHGetSpecialFolderPathA

ws2_32

inet_addr

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a03ab26dd06dd3627d64f336fe022f3b

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ws2_32

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 99KB - Virtual size: 99KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 99KB - Virtual size: 99KB