gh0strat | 61e83c44475da8da401ce404b320a3df_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61e83c44475da8da401ce404b320a3df_JaffaCakes118
Size

1.1MB
MD5

61e83c44475da8da401ce404b320a3df
SHA1

f242d0c91ee2121e74187e98b59c49ab35a80d6a
SHA256

b4882e02c5161b5d797490ebbf2c0a0d6153307d897fe461867a17f92a60a546
SHA512

910fcad2542eded5d158e7fa2ad35850775d46f94e9dc37fda52870def831483f4145a5f3987a3d6bfeb3961337629cdfe681039f478aca54d29d6c2c19df1d7
SSDEEP

12288:5DhPHdSh7qSNgpGwflJaiepgIDt4y9zYOPjQIwpUQ48Gm9ye:51l8gflJaiQJ4y9zYOnwW/8Gqy

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61e83c44475da8da401ce404b320a3df_JaffaCakes118

Files

61e83c44475da8da401ce404b320a3df_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d251d7425256ce2352ff71ffcadd519

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutUnprepareHeader
waveInClose
waveOutReset
waveOutClose
sndPlaySoundW
PlaySoundW
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInUnprepareHeader
waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen

kernel32

GetWindowsDirectoryW
GetStartupInfoW
RtlUnwind
RaiseException
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
ExitThread
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
HeapDestroy
HeapCreate
GetModuleFileNameA
IsBadWritePtr
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
GetDriveTypeA
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetProfileStringA
GlobalAddAtomA
CreateEventW
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
GetTickCount
GetFileAttributesW
GetDiskFreeSpaceExW
GetVolumeInformationW
lstrlenW
GetLogicalDriveStringsW
LocalFree
LocalAlloc
lstrcpynW
FindClose
FindNextFileW
FindFirstFileW
GetFileSize
CreateFileW
WriteFile
SetFilePointer
DeleteFileW
ReadFile
RemoveDirectoryW
MoveFileW
GetLastError
CreateDirectoryW
lstrcpyW
MultiByteToWideChar
LockResource
LoadResource
SizeofResource
FindResourceA
lstrcatW
GetSystemDirectoryW
GetModuleFileNameW
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
InitializeCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
EnterCriticalSection
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
CancelIo
DeleteCriticalSection
WideCharToMultiByte
GetVersion
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetProcAddress
LoadLibraryW
SetUnhandledExceptionFilter
ExitProcess
DeviceIoControl
CreateFileA
LocalSize
FreeLibrary
GetVersionExW
FindResourceW
GetModuleHandleW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
lstrlenA
LoadLibraryA
GetModuleHandleA
FormatMessageW
SetLastError
MulDiv
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameW
GetStringTypeExW
GetThreadLocale
lstrcmpiW
GetShortPathNameW
lstrcmpA
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalGetAtomNameW
GetCurrentThread
lstrcmpiA
lstrcmpW
GetTempFileNameW
SetFileTime
GetFileTime
GetDiskFreeSpaceW
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
LocalFileTimeToFileTime
SystemTimeToFileTime
SetErrorMode
GetCurrentDirectoryW

user32

BeginDeferWindowPos
EndDeferWindowPos
GetScrollInfo
SetScrollRange
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpW
RegisterClassW
GetMenu
GetWindowTextLengthW
GetWindowTextW
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetWindowLongW
RegisterWindowMessageW
IsIconic
GetWindowPlacement
EndDialog
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
IsWindow
GetDesktopWindow
SystemParametersInfoW
FlashWindow
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawTextW
SetDlgItemTextW
UnregisterClassW
GetWindowTextLengthA
HideCaret
ExcludeUpdateRgn
CheckMenuItem
GetMenuState
ShowScrollBar
DrawIconEx
DeferWindowPos
CheckMenuRadioItem
SetClassLongW
SetForegroundWindow
LoadBitmapW
GetSystemMenu
AppendMenuW
MessageBeep
GetSystemMetrics
DrawEdge
RedrawWindow
FindWindowW
CharNextW
DeleteMenu
GetMenuItemCount
EqualRect
AdjustWindowRectEx
SetFocus
PeekMessageW
MapWindowPoints
SendDlgItemMessageA
SendDlgItemMessageW
EnableMenuItem
GetCursorPos
GetFocus
MessageBoxW
GetDlgCtrlID
SetWindowPos
IsDialogMessageW
SetWindowTextW
MoveWindow
ShowWindow
SetMenuItemBitmaps
ModifyMenuW
GetMenuCheckMarkDimensions
GetWindowTextA
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
GetWindow
IsWindowVisible
UpdateWindow
ScreenToClient
wsprintfW
CopyIcon
PtInRect
KillTimer
GetKeyState
ReleaseCapture
SetCapture
SetTimer
SetRectEmpty
DrawFrameControl
GetCursor
GetClassInfoW
DefWindowProcW
LoadCursorW
LoadMenuW
LoadImageW
IntersectRect
wvsprintfW
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutW
GrayStringW
LoadStringW
CharUpperW
IsZoomed
LoadAcceleratorsW
TranslateAcceleratorW
SetMenu
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
PostQuitMessage
ShowOwnedPopups
ValidateRect
SetWindowContextHelpId
MapDialogRect
GetClassNameW
PostThreadMessageW
SetParent
RegisterClipboardFormatW
LockWindowUpdate
GetDCEx
GetNextDlgGroupItem
CopyAcceleratorTableW
ShowCaret
GetIconInfo
GetDC
ReleaseDC
GetSysColor
FillRect
OffsetRect
GetClientRect
CopyRect
InflateRect
DrawFocusRect
GetWindowRect
GetSubMenu
TrackPopupMenuEx
PostMessageW
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
GetWindowLongW
DestroyIcon
DestroyCursor
DestroyMenu
SetRect
EnableWindow
SendMessageW
LoadIconW
GetMessageW
TranslateMessage
DispatchMessageW
GetSysColorBrush

gdi32

GetTextExtentPointA
ExtTextOutA
LPtoDP
GetBkColor
GetTextColor
CreateFontW
GetCharWidthW
GetTextMetricsW
DPtoLP
CreateRectRgnIndirect
CombineRgn
SetRectRgn
PatBlt
GetMapMode
Escape
RectVisible
PtVisible
CreatePatternBrush
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
CreateRectRgn
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
CreateDIBitmap
GetClipBox
CreatePen
SetBkMode
TextOutW
ExtTextOutW
StretchDIBits
CreateDIBSection
GetTextExtentPoint32W
SetPixelV
StretchBlt
PtInRegion
CreateFontIndirectW
Rectangle
PlgBlt
FillRgn
CreatePolygonRgn
GetObjectW
GetPixel
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
DeleteObject

comdlg32

GetOpenFileNameW
GetFileTitleW
GetSaveFileNameW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyExW
ControlService
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
SetFileSecurityW
GetFileSecurityW
RegDeleteValueW
RegCreateKeyW
RegSetValueW
CloseServiceHandle

shell32

DragQueryFileW
DragFinish
Shell_NotifyIconW
ExtractIconW
ord71
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW

comctl32

ImageList_Create
_TrackMouseEvent
ImageList_AddMasked
ImageList_ReplaceIcon
ord17
ImageList_Destroy

oledlg

OleUIBusyW

ole32

OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

ws2_32

bind
getpeername
WSACloseEvent
WSASend
WSARecv
accept
WSAGetLastError
setsockopt
WSAIoctl
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASocketW
WSACreateEvent
WSAEventSelect
inet_ntoa
listen
send
recv
WSAStartup
socket
ioctlsocket
htons
connect
select
WSACleanup
gethostname
gethostbyname
closesocket

pdh

PdhAddCounterW
PdhOpenQueryW
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery

avifil32

AVIFileRelease
AVIStreamWrite
AVIFileOpenW
AVIFileCreateStreamW
AVIStreamSetFormat
AVIFileExit
AVIFileInit
AVIStreamRelease

msvfw32

DrawDibClose
DrawDibDraw
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICDecompress
DrawDibOpen

wininet

InternetSetStatusCallback
FtpPutFileW
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetOpenW
InternetGetLastResponseInfoW
InternetConnectW

Sections

.text
Size: 392KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 604KB - Virtual size: 601KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d251d7425256ce2352ff71ffcadd519

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

ws2_32

pdh

avifil32

msvfw32

wininet

Sections

.text Size: 392KB - Virtual size: 389KB

.rdata Size: 92KB - Virtual size: 90KB

.data Size: 28KB - Virtual size: 42KB

.rsrc Size: 604KB - Virtual size: 601KB

.text
Size: 392KB - Virtual size: 389KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 28KB - Virtual size: 42KB

.rsrc
Size: 604KB - Virtual size: 601KB