gh0strat | 5c45f71e72c84cfa5452c59828a5d088_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5c45f71e72c84cfa5452c59828a5d088_JaffaCakes118
Size

1.3MB
MD5

5c45f71e72c84cfa5452c59828a5d088
SHA1

033c956490ff272ee014d9fdf6f55a9c244fae2e
SHA256

a7cc7ddfa26da331933339a7b2d05692bc11481a6bdf4da6e60cfeae05f20053
SHA512

9960ff8a9c58348962338515be68cb9b3fe097cb8886a9ae8438f68b2db6e26812754c79ec6d385151949ff49f1d0bb550f79b9cd71d8fcae7cdb904dff3851c
SSDEEP

24576:DZu3ivF0kl1aH3oKV6aCR35XaBgDIiSzzxyZJXEWBV:036nv+6LX71ZJXEWf

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c45f71e72c84cfa5452c59828a5d088_JaffaCakes118

Files

5c45f71e72c84cfa5452c59828a5d088_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d6c7eaefad38348545d843f2a82f6cd2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutReset
waveOutGetNumDevs
PlaySoundA
waveOutUnprepareHeader
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInOpen
waveOutClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInClose

kernel32

GetCurrentDirectoryA
GetProfileStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
IsBadReadPtr
GetDriveTypeA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
HeapReAlloc
ExitThread
TerminateProcess
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
LockResource
LoadResource
SizeofResource
FindResourceA
DeleteFileA
GetTempPathA
CopyFileA
GetSystemDirectoryA
GetComputerNameA
ExitProcess
GetTickCount
GetFileAttributesA
GetDiskFreeSpaceExA
GetVolumeInformationA
lstrlenA
GetLogicalDriveStringsA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
CreateFileA
WriteFile
SetFilePointer
ReadFile
RemoveDirectoryA
MoveFileA
GetLastError
CreateDirectoryA
lstrcpyA
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
WritePrivateProfileStringA
GetModuleFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
InitializeCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
EnterCriticalSection
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
CancelIo
DeleteCriticalSection
lstrcatA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalSize
FreeLibrary
GetVersionExA
GetVersion
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
SetLastError
MulDiv
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
lstrcmpA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentThread
GetTempFileNameA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
LocalFileTimeToFileTime
SystemTimeToFileTime
SetErrorMode

user32

SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
IsIconic
GetWindowPlacement
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
IsWindow
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawTextA
GetMenuState
ShowScrollBar
GetScrollInfo
IntersectRect
CheckMenuRadioItem
SetClassLongA
SetForegroundWindow
LoadBitmapA
GetSystemMenu
AppendMenuA
CheckMenuItem
MessageBeep
GetSystemMetrics
DrawEdge
RedrawWindow
ScrollWindow
UnregisterClassA
HideCaret
BeginDeferWindowPos
SetMenu
DefDlgProcA
IsWindowUnicode
DispatchMessageA
GetDesktopWindow
SystemParametersInfoA
CharNextA
DeleteMenu
GetMenuItemCount
EnableMenuItem
GetCursorPos
GetFocus
MessageBoxA
wsprintfA
GetDlgCtrlID
SetWindowPos
IsWindowVisible
UpdateWindow
ScreenToClient
DeferWindowPos
EqualRect
AdjustWindowRectEx
SetFocus
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
GetWindow
CopyIcon
PtInRect
KillTimer
GetKeyState
DrawIconEx
EndDeferWindowPos
TranslateAcceleratorA
LoadAcceleratorsA
MapDialogRect
SetWindowContextHelpId
ValidateRect
TranslateMessage
GetMessageA
LoadIconA
SendMessageA
EnableWindow
SetRect
DestroyMenu
DestroyCursor
DestroyIcon
GetWindowLongA
GetNextDlgTabItem
GetParent
SetCursor
InvalidateRect
GetActiveWindow
WindowFromPoint
ClientToScreen
PostMessageA
TrackPopupMenuEx
GetSubMenu
GetWindowRect
DrawFocusRect
InflateRect
CopyRect
GetClientRect
OffsetRect
DrawStateA
FillRect
ShowOwnedPopups
GetSysColor
ReleaseDC
GetDC
GetIconInfo
LoadImageA
LoadMenuA
FrameRect
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
SetMenuItemBitmaps
ModifyMenuA
GetMenuCheckMarkDimensions
wvsprintfA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
LoadStringA
CharUpperA
PostThreadMessageA
RegisterClipboardFormatA
LockWindowUpdate
GetDCEx
InvertRect
GetNextDlgGroupItem
CopyAcceleratorTableA
GetSysColorBrush
GetClassNameA
SetParent
BringWindowToTop
UnpackDDElParam
ShowCaret
ReuseDDElParam
LoadCursorA
DefWindowProcA
GetClassInfoA
GetCursor
DrawFrameControl
SetRectEmpty
SetTimer
SetCapture
ReleaseCapture
PostQuitMessage
IsZoomed
IsRectEmpty
ExcludeUpdateRgn
FindWindowA

gdi32

SetPixelV
GetTextExtentPointA
GetBkColor
GetTextColor
CreateFontA
GetCharWidthA
GetTextMetricsA
LPtoDP
DPtoLP
CreateRectRgnIndirect
CombineRgn
SetRectRgn
PatBlt
GetMapMode
Escape
RectVisible
PtVisible
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
CreateRectRgn
SetTextAlign
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
GetClipBox
CreatePen
RoundRect
SetBkMode
TextOutA
CreateSolidBrush
ExtTextOutA
StretchDIBits
CreateDIBSection
GetTextExtentPoint32A
CreateDIBitmap
StretchBlt
PtInRegion
CreateFontIndirectA
Rectangle
PlgBlt
FillRgn
CreatePolygonRgn
GetObjectA
GetPixel
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
DeleteObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
RegSetValueA
RegOpenKeyA

shell32

ShellExecuteA
ShellExecuteExA
DragQueryFileA
DragFinish
Shell_NotifyIconA
ExtractIconA
ord71
SHGetFileInfoA

comctl32

_TrackMouseEvent
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
OleIsCurrentClipboard
CoRevokeClassObject

olepro32

ord253

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear

shlwapi

SHAutoComplete
PathRemoveFileSpecA

ws2_32

WSAIoctl
getpeername
ioctlsocket
connect
select
send
recv
WSACloseEvent
WSASend
WSARecv
socket
accept
WSAGetLastError
setsockopt
inet_ntoa
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAEventSelect
htons
bind
listen
WSAStartup
gethostname
gethostbyname
WSACleanup
closesocket

pdh

PdhAddCounterA
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery

avifil32

AVIFileRelease
AVIStreamWrite
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamSetFormat
AVIFileExit
AVIFileInit
AVIStreamRelease

msvfw32

DrawDibClose
ICDecompress
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
DrawDibDraw
DrawDibOpen

skinppwtl

ord3
ord2

wininet

FtpPutFileA
InternetConnectA
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 756KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6c7eaefad38348545d843f2a82f6cd2

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

shlwapi

ws2_32

pdh

avifil32

msvfw32

skinppwtl

wininet

Sections

.text Size: 526KB - Virtual size: 526KB

.rsrc Size: 756KB - Virtual size: 756KB

.text
Size: 526KB - Virtual size: 526KB

.rsrc
Size: 756KB - Virtual size: 756KB