gh0strat | 5e96561ec33dad3ede04602a823732b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e96561ec33dad3ede04602a823732b5_JaffaCakes118
Size

2.1MB
MD5

5e96561ec33dad3ede04602a823732b5
SHA1

85df2c994c49cf1f4eebd4742a26ee8f38da4114
SHA256

ca2dbb03d67b873f2a1fc1512573aec2dc0119fedc94eadea2342b7b49c6faac
SHA512

f808edd6766b6f53d8723694f52cb1ad08c8be7314e5d7b16ade6753d607dc2628cc1188882f6876ea06f0c597573923982d3578b92ca153228663d742b51a2e
SSDEEP

24576:FmGlyto0FaYZHmYAzt7LWxcGlYgpZaBgDILxJf7PMgPeG8DKmj3ic1uU4:ZlyCMAzt7LWxc4Y0Zi/7vWGs1389

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e96561ec33dad3ede04602a823732b5_JaffaCakes118

Files

5e96561ec33dad3ede04602a823732b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b5323c1bdac8720d14b2d7d766f8fe00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
VirtualAlloc
VirtualFree
Sleep
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
GetWindowsDirectoryA
WinExec
RtlUnwind
RaiseException
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
TerminateProcess
ExitThread
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProfileStringA
LoadResource
SizeofResource
FindResourceA
GetTickCount
GetFileAttributesA
GetDiskFreeSpaceExA
GetVolumeInformationA
lstrlenA
GetLogicalDriveStringsA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
CreateFileA
WriteFile
SetFilePointer
DeleteFileA
ReadFile
RemoveDirectoryA
MoveFileA
GetLastError
CreateDirectoryA
lstrcpyA
GetTempPathA
GetProcAddress
CloseHandle
LoadLibraryA
SetUnhandledExceptionFilter
CopyFileA
GetSystemDirectoryA
lstrcmpA
FreeLibrary
MultiByteToWideChar
GetModuleFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
InitializeCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
EnterCriticalSection
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
CancelIo
DeleteCriticalSection
ExitProcess
CreateProcessA
GetStartupInfoA
GetCommandLineA
lstrcatA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetModuleHandleA
LocalSize
GetVersionExA
GetVersion
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
WideCharToMultiByte
FormatMessageA
SetLastError
MulDiv
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentThread
GetTempFileNameA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
LocalFileTimeToFileTime
SystemTimeToFileTime
SetErrorMode
GetCurrentDirectoryA
LockResource

user32

PeekMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
GetScrollInfo
SetScrollRange
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
IsIconic
GetWindowPlacement
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
SetMenuDefaultItem
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
GetParent
IsWindowUnicode
TrackPopupMenu
GetMenuItemID
IsWindow
SetWindowRgn
GetSysColorBrush
RegisterClassExA
GetClipboardData
OpenClipboard
EmptyClipboard
MapWindowPoints
CloseClipboard
DrawTextA
GetMenuState
ShowScrollBar
DrawIconEx
PostThreadMessageA
SendDlgItemMessageA
SetDlgItemTextA
IntersectRect
CheckMenuRadioItem
SetClassLongA
LoadBitmapA
GetSystemMenu
AppendMenuA
CheckMenuItem
MessageBeep
GetSystemMetrics
DrawEdge
RedrawWindow
SetForegroundWindow
ShowWindow
GetDesktopWindow
SystemParametersInfoA
SetMenu
CharNextA
DeleteMenu
GetMenuItemCount
EnableMenuItem
GetCursorPos
GetFocus
GetDlgCtrlID
SetWindowPos
IsWindowVisible
UpdateWindow
ScreenToClient
GetWindow
CopyIcon
PtInRect
KillTimer
GetKeyState
ReleaseCapture
SetCapture
SetTimer
SetRectEmpty
DrawFrameControl
GetCursor
GetClassInfoA
DefWindowProcA
LoadCursorA
wsprintfA
MessageBoxA
FrameRect
LoadMenuA
LoadImageA
GetIconInfo
GetDC
ReleaseDC
IsDialogMessageA
SetWindowTextA
MoveWindow
SetMenuItemBitmaps
ModifyMenuA
GetMenuCheckMarkDimensions
wvsprintfA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
LoadStringA
CharUpperA
IsZoomed
PostQuitMessage
ShowOwnedPopups
ValidateRect
SetWindowContextHelpId
MapDialogRect
LoadAcceleratorsA
TranslateAcceleratorA
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
SetParent
PostMessageA
FindWindowA
SendMessageA
EnableWindow
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
SetRect
DestroyMenu
DestroyCursor
DestroyIcon
GetWindowLongA
GetSysColor
FillRect
DrawStateA
OffsetRect
GetClientRect
CopyRect
InflateRect
DrawFocusRect
GetNextDlgTabItem
RegisterClipboardFormatA
GetWindowRect
LockWindowUpdate
GetDCEx
InvertRect
GetNextDlgGroupItem
CopyAcceleratorTableA
GetClassNameA
SetClipboardData
GetSubMenu
TrackPopupMenuEx
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
IsRectEmpty

gdi32

SaveDC
GetTextExtentPointA
LPtoDP
GetBkColor
GetTextColor
CreateFontA
GetCharWidthA
GetTextMetricsA
DPtoLP
CreateRectRgnIndirect
SetRectRgn
PatBlt
GetMapMode
Escape
RectVisible
PtVisible
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
SetTextAlign
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
CreateDIBitmap
GetClipBox
CreatePen
RoundRect
SetBkMode
TextOutA
CreateRectRgn
CombineRgn
CreateSolidBrush
ExtTextOutA
StretchDIBits
CreateDIBSection
GetTextExtentPoint32A
SetPixelV
StretchBlt
PtInRegion
CreateFontIndirectA
Rectangle
PlgBlt
FillRgn
CreatePolygonRgn
GetObjectA
GetPixel
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
DeleteObject

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueExA
RegCloseKey
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
RegSetValueA
RegOpenKeyA

shell32

ExtractIconA
ord71
SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteA
DragQueryFileA
DragFinish
ShellExecuteExA

comctl32

_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize

olepro32

ord253

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
SysStringLen
SysAllocStringByteLen
VariantChangeType
SysAllocString

shlwapi

PathRemoveFileSpecA
SHAutoComplete

ws2_32

socket
listen
bind
WSAEventSelect
WSACreateEvent
WSASocketA
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAIoctl
setsockopt
WSAGetLastError
accept
WSARecv
WSASend
WSACloseEvent
inet_ntoa
gethostbyname
ioctlsocket
htons
connect
select
closesocket
getpeername
WSAStartup
gethostname
WSACleanup

pdh

PdhGetFormattedCounterValue
PdhAddCounterA
PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryA

avifil32

AVIFileRelease
AVIStreamWrite
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamSetFormat
AVIFileExit
AVIFileInit
AVIStreamRelease

msvfw32

DrawDibOpen
ICDecompress
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
DrawDibDraw
DrawDibClose

wininet

InternetGetLastResponseInfoA
FtpPutFileA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetSetStatusCallback
InternetConnectA

winmm

waveOutClose
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
PlaySoundA
waveInStop
sndPlaySoundA

skinppwtl

ord3
ord2

Sections

.text
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5323c1bdac8720d14b2d7d766f8fe00

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

shlwapi

ws2_32

pdh

avifil32

msvfw32

wininet

winmm

skinppwtl

Sections

.text Size: 550KB - Virtual size: 550KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.text
Size: 550KB - Virtual size: 550KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB