gh0strat | 6185fcf65a7cc290fd2ee1798064201f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6185fcf65a7cc290fd2ee1798064201f_JaffaCakes118
Size

148KB
MD5

6185fcf65a7cc290fd2ee1798064201f
SHA1

c6b3bc813a1e9edd2e193cf871bf6187d6fb41ac
SHA256

db0d85764942767e4dcb25573066934c5bdc5a512d34666ded57053e00c8cf87
SHA512

4fa7b72e5372ba082b1720302aba7f5e074478a9c3759e26fc361b77721164798a8f68306d3f4d4566fed8cdf5616c7d2fd88c08ed1b5b94abf5e01ce577e068
SSDEEP

3072:F9wGc4W4tYUegsgBSFcPbI2bPsakTBftDf17IUdm:E4W4ta6fI2oakTBlhD

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6185fcf65a7cc290fd2ee1798064201f_JaffaCakes118

Files

6185fcf65a7cc290fd2ee1798064201f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

73eca83963cc0beed6d8f286d034757d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIA

kernel32

LoadLibraryA
RaiseException
CloseHandle
ExpandEnvironmentStringsA
GetLastError
lstrcpyA
lstrlenA
lstrcatA
LocalFree
LocalReAlloc
LocalAlloc
LocalSize
Sleep
lstrcmpiA
GetVersionExA
GetCurrentThreadId
GetProcAddress
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
GetSystemInfo
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
GetSystemDirectoryA
VirtualFree
DeleteFileA
RemoveDirectoryA
ExitThread
GetShortPathNameA
GetModuleFileNameA
IsBadReadPtr
IsBadStringPtrW
GetModuleHandleA
GetTempFileNameA
VirtualQuery
GetCurrentProcessId
VirtualAlloc
GetFileAttributesExA
lstrcmpA
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetLocalTime
GlobalUnlock
GlobalLock
GlobalSize
MapViewOfFile
CreateFileMappingA
InterlockedExchange
InitializeCriticalSection
LeaveCriticalSection
ExitProcess
FreeLibrary
WideCharToMultiByte
SetUnhandledExceptionFilter
FormatMessageA
IsBadWritePtr
GlobalFree
GlobalAlloc
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA

user32

GetWindow
wsprintfA
CloseWindowStation
MessageBoxA
GetClassNameA
ShowWindow
EnableWindow
GetWindowRect
LoadCursorA
DestroyCursor
GetCursorInfo
CreateWindowExA
DestroyWindow
wvsprintfA

oleaut32

SysFreeString

iphlpapi

GetAdaptersInfo

userenv

GetUserProfileDirectoryA
GetProfilesDirectoryA

ws2_32

gethostname
gethostbyname
getsockname
closesocket
shutdown
WSAIoctl
send
recv
select
connect
socket
WSAStartup
WSACleanup
setsockopt

msvcrt

memmove
_adjust_fdiv
_initterm
??3@YAXPAX@Z
_onexit
__dllonexit
_stricmp
_memicmp
_wcsicmp
_strlwr
_strupr
wcslen
wcsrchr
free
malloc
ceil
__CxxFrameHandler
strncat
realloc
wcstombs
_ftol
srand
rand
strchr
atoi
strncpy
??2@YAPAXI@Z
_beginthreadex
strrchr
strstr
_except_handler3

Exports

Exports

AcquireDDThreadLock
CheckFullscreen
CompleteCreateSysmemSurface
D3DParseUnknownCommand
DDGetAttachedSurfaceLcl
DDInternalLock
DDInternalUnlock
DSoundHelp
DirectDrawCreate
DirectDrawCreateClipper
DirectDrawCreateEx
DirectDrawEnumerateA
DirectDrawEnumerateExA
DirectDrawEnumerateExW
DirectDrawEnumerateW
DllCanUnloadNow
DllGetClassObject
GetDDSurfaceLocal
GetOLEThunkData
GetSurfaceFromDC

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73eca83963cc0beed6d8f286d034757d

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

oleaut32

iphlpapi

userenv

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 294B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 294B

.reloc
Size: 8KB - Virtual size: 7KB