gh0strat | 4bf41acae8ef4fc197b4a3ad637988e7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4bf41acae8ef4fc197b4a3ad637988e7_JaffaCakes118
Size

1000KB
MD5

4bf41acae8ef4fc197b4a3ad637988e7
SHA1

d498d0c1382e96adf1bc2fc3795e48a7d92dcf4a
SHA256

1cad86fccfd2fbbfa60b2938461aa0f8c27db382f7e4ae381a8221be67c4d638
SHA512

8b50e66ddee72ca29fd368ed69157e3eed19b7770688ecd6f1d75b7f23a74f48e8a2dd88b2160f22effb7edf66ee3cd972725f2d99cb49f814d128c4f665995e
SSDEEP

24576:hEb9Ab3VIAUb1S/Ds2LXVWxpNjOzFM5M4nf6GNkv:hEbqHUb1aBXVWxpNjOzFM5Ms6GC

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bf41acae8ef4fc197b4a3ad637988e7_JaffaCakes118

Files

4bf41acae8ef4fc197b4a3ad637988e7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b27d290b3f40ca31369779079daed219

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSize
HeapReAlloc
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetACP
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocalTime
GetProfileStringA
GetSystemTime
GetTimeZoneInformation
ExitProcess
GetCommandLineA
GetStartupInfoA
ExitThread
RaiseException
HeapAlloc
RtlUnwind
GetOEMCP
GetCPInfo
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetProcessVersion
SetErrorMode
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
lstrcmpA
SetLastError
FormatMessageA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
MulDiv
GetShortPathNameA
lstrcmpiA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
lstrcpynA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
MultiByteToWideChar
WideCharToMultiByte
GetVersion
GetVersionExA
LocalSize
GetCurrentDirectoryA
FindResourceA
SizeofResource
LoadResource
LockResource
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetSystemDirectoryA
lstrcatA
GetCurrentProcessId
OpenProcess
TerminateProcess
CreateThread
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
CancelIo
GetProcessHeap
HeapFree
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
CreateIoCompletionPort
PostQueuedCompletionStatus
DeleteCriticalSection
SetEvent
WaitForSingleObject
GetModuleHandleW
GetCurrentThread
GetCurrentProcess
FreeLibrary
InitializeCriticalSection
CreateEventA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
MoveFileA
RemoveDirectoryA
DeleteFileA
WriteFile
lstrcpyA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
ReadFile
Sleep
GetFileSize
LocalAlloc
LocalFree
GetLogicalDriveStringsA
lstrlenA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetFileAttributesA
OutputDebugStringA
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
CreateFileA
CloseHandle
GetTickCount
GetLastError
VirtualAlloc
GetStringTypeA
VirtualFree

user32

BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
GetWindowPlacement
FillRect
RegisterWindowMessageA
FindWindowA
SystemParametersInfoA
GetDlgCtrlID
IsIconic
AdjustWindowRectEx
SetFocus
IsChild
CharUpperA
LoadImageA
SetMenuDefaultItem
SetForegroundWindow
TrackPopupMenu
GetMenuItemID
IsWindow
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetMenuState
ShowScrollBar
DrawTextA
DrawIconEx
SetClassLongA
CheckMenuRadioItem
GetIconInfo
LoadBitmapA
GetSystemMenu
AppendMenuA
CheckMenuItem
DeferWindowPos
InflateRect
LoadIconA
GetSystemMetrics
IsWindowVisible
CharNextA
GetFocus
DeleteMenu
GetWindow
LoadMenuA
SetRect
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetSubMenu
GetCursorPos
GetMenuItemCount
EnableMenuItem
GetDesktopWindow
PostMessageA
UpdateWindow
wsprintfA
MessageBoxA
TranslateMessage
GetMessageA
DispatchMessageA
CopyIcon
GetDC
ReleaseDC
SetDlgItemTextA
PostThreadMessageA
PtInRect
SetCursor
KillTimer
GetKeyState
ReleaseCapture
GetParent
SetCapture
InvalidateRect
SetTimer
GetWindowRect
GetClientRect
SetRectEmpty
EnableWindow
SetParent
SendMessageA
RegisterClipboardFormatA
LockWindowUpdate
GetDCEx
GetNextDlgGroupItem
CopyAcceleratorTableA
DestroyIcon
GetMenuStringA
InsertMenuA
GetClassNameA
GetSysColor
LoadCursorA
DefWindowProcA
GetClassInfoA
DestroyCursor
GetCursor
DrawFrameControl
OffsetRect
EqualRect
ScreenToClient
SetActiveWindow
PeekMessageA
SendDlgItemMessageA
MapWindowPoints
MessageBeep
GetSysColorBrush
LoadStringA
SetCursorPos
RedrawWindow
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetMenu
TranslateAcceleratorA
LoadAcceleratorsA
IsZoomed
DestroyMenu
SetWindowContextHelpId
ValidateRect
ShowOwnedPopups
PostQuitMessage
WindowFromPoint
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
wvsprintfA
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IntersectRect
MapDialogRect

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
CreateRectRgn
TextOutA
GetDeviceCaps
GetViewportExtEx
CreatePen
CreateSolidBrush
CreatePatternBrush
PtVisible
RectVisible
Escape
GetMapMode
PatBlt
SetRectRgn
CombineRgn
CreateRectRgnIndirect
GetTextMetricsA
GetCharWidthA
CreateFontA
GetTextColor
GetBkColor
SetBkColor
SetTextColor
ExtTextOutA
StretchDIBits
CreateDIBSection
SelectObject
GetStockObject
GetTextExtentPoint32A
SetPixelV
StretchBlt
PtInRegion
CreateFontIndirectA
GetObjectA
GetPixel
CreateCompatibleDC
RestoreDC
SaveDC
DeleteDC
GetClipBox
DPtoLP
LPtoDP
GetWindowExtEx
SetBkMode
CreateCompatibleBitmap
Rectangle
PlgBlt
BitBlt
DeleteObject
CreateBitmap
FillRgn
CreateDIBitmap
GetTextExtentPointA
CreatePolygonRgn

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

GetFileSecurityA
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueA
RegCreateKeyA
RegQueryValueExA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA

shell32

DragQueryFileA
DragFinish
ExtractIconA
ord71
SHGetFileInfoA
ShellExecuteA
Shell_NotifyIconA

comctl32

ImageList_LoadImageA
ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked
_TrackMouseEvent

oledlg

ord8

ole32

OleIsCurrentClipboard
CoInitialize
CoUninitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard

olepro32

ord253

oleaut32

SysAllocStringByteLen
SysAllocString
VariantChangeType
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen
VariantCopy

shlwapi

SHAutoComplete

skinmagictrial

ord2
ord5
ord3
ord1
ord8

avifil32

AVIFileExit
AVIStreamSetFormat
AVIFileCreateStreamA
AVIFileOpenA
AVIStreamWrite
AVIFileRelease
AVIFileInit
AVIStreamRelease

msvfw32

ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICDecompress
DrawDibOpen
DrawDibClose
ICSeqCompressFrameEnd
DrawDibDraw
ICCompressorFree

pdh

PdhAddCounterA
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery

ws2_32

ioctlsocket
select
gethostname
WSARecv
WSASend
accept
WSAGetLastError
setsockopt
WSAIoctl
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAEventSelect
bind
listen
WSACloseEvent
getpeername
inet_ntoa
inet_addr
WSAStartup
htons
gethostbyname
socket
connect
recv
WSACleanup
closesocket
send

wininet

InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
InternetSetCookieA
InternetOpenA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
InternetCloseHandle

Sections

.text
Size: 396KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 480KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b27d290b3f40ca31369779079daed219

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

shlwapi

skinmagictrial

avifil32

msvfw32

pdh

ws2_32

wininet

Sections

.text Size: 396KB - Virtual size: 392KB

.rdata Size: 92KB - Virtual size: 88KB

.data Size: 28KB - Virtual size: 44KB

.rsrc Size: 480KB - Virtual size: 478KB

.text
Size: 396KB - Virtual size: 392KB

.rdata
Size: 92KB - Virtual size: 88KB

.data
Size: 28KB - Virtual size: 44KB

.rsrc
Size: 480KB - Virtual size: 478KB