gh0strat | 5b413010620a1e8d99b5220b3531b1eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5b413010620a1e8d99b5220b3531b1eb_JaffaCakes118
Size

153KB
MD5

5b413010620a1e8d99b5220b3531b1eb
SHA1

0b88d34b8861439377824b9e73872304fad185d5
SHA256

2b56aedc28dd7c2351581beda162cbe0b406de8c7708f24f0e6fbaf80a69429b
SHA512

7531795fe873f4123e2c9ede172431512262d52d0a745a890cfddb7e579d38e77f2404238530ffc6a4ca96f17ff499cc9109b6c6cdd5a662c648a9c40869d5c2
SSDEEP

3072:NTMIvYiv1pI3AI9Pw8vWaxc9Z/VVTBftOEXn3xlhL:mId123AI9o8Oax6Z/VVTBlOEX3JL

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b413010620a1e8d99b5220b3531b1eb_JaffaCakes118

Files

5b413010620a1e8d99b5220b3531b1eb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b990291fd6abff90e806299bea982755

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ShowWindow
GetWindowRect
wsprintfA
CreateWindowExA
DestroyWindow
LoadCursorA
DestroyCursor
GetCursorInfo
wvsprintfA
MessageBoxA
CloseWindowStation
GetWindow
GetClassNameA

advapi32

RegOpenKeyExW

kernel32

IsBadStringPtrW
IsBadReadPtr
ExitThread
RemoveDirectoryA
RaiseException
GlobalMemoryStatusEx
GetProcessTimes
GetSystemInfo
HeapAlloc
GetShortPathNameA
DeleteFileA
GetCurrentProcess
GetTickCount
CloseHandle
ExitProcess
lstrcatA
lstrlenA
lstrcpyA
GetSystemDirectoryA
Sleep
GetExitCodeProcess
InitializeCriticalSection
VirtualFree
LeaveCriticalSection
VirtualAlloc
VirtualQuery
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
lstrcmpA
lstrcmpiA
VirtualProtect
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetLastError
GetModuleFileNameA
GetVersionExA
WideCharToMultiByte
InterlockedExchange
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalFree
LocalReAlloc
LocalSize
LocalAlloc
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
IsBadWritePtr
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
ExpandEnvironmentStringsA
GetTempFileNameA
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA

msvcrt

??2@YAPAXI@Z
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_strupr
_wcsicmp
_memicmp
_strlwr
wcstombs
__CxxFrameHandler
??3@YAXPAX@Z
memmove
ceil
_ftol
strstr
realloc
malloc
free
srand
rand
_beginthreadex
atoi
_except_handler3
wcslen
strchr
strncat
strncpy
_CxxThrowException
wcsrchr
strrchr

Exports

Exports

CpyCommon

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b990291fd6abff90e806299bea982755

Headers

File Characteristics

Imports

user32

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB