gh0strat | 60805df63f49969fe65a39587a98e2e3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

60805df63f49969fe65a39587a98e2e3_JaffaCakes118
Size

92KB
MD5

60805df63f49969fe65a39587a98e2e3
SHA1

2c42cb5e8455d223c9d417cb20d3bfdcafd083fa
SHA256

227ebb8f10b3f197edcd46effa4252f8ac4fb22e8bc4066e3b95690ef26ce3f7
SHA512

403f5cf23168b92fbee11b572ba98be41b5f64614ef9f9732577268fe0420ffaf2d649cd08c863c0101b8ac51620cae672335ffacfdf387d009cfe1266ec00bd
SSDEEP

1536:GCT8IELClV1XTx5upmxcrMcOv4fC++eZL7Dtnfknyeq:GCT8It17uocrM5viC++edvtnfknLq

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60805df63f49969fe65a39587a98e2e3_JaffaCakes118

Files

60805df63f49969fe65a39587a98e2e3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e3beabc0d1f02c23bdc3e7f3c4baa69d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

DeleteObject
DeleteDC
CreateDIBSection
GetDIBits
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
SelectObject

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
lstrlenA
GetPrivateProfileSectionNamesA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
GetVersionExA
GetLastError
CreateProcessA
GetDiskFreeSpaceExA
FindClose
LocalFree
LocalReAlloc
LocalAlloc
RemoveDirectoryA
GetFileSize
ReadFile
SetFilePointer
WriteFile
SetLastError
GetSystemDirectoryA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetTickCount
GetLocalTime
HeapFree
GetProcessHeap
MapViewOfFile
HeapAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
ReleaseMutex
SetErrorMode
SetUnhandledExceptionFilter
GetModuleFileNameA
LocalSize
GetCurrentThreadId

msvcrt

strncat
realloc
atoi
wcstombs
_beginthreadex
calloc
strrchr
_initterm
malloc
_adjust_fdiv
??3@YAXPAX@Z
_except_handler3
free
_strrev
strncpy
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
strstr
memmove
??1type_info@@UAE@XZ
_itoa
_strnicmp

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

avicap32

capGetDriverDescriptionA

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationA

userenv

CreateEnvironmentBlock

psapi

EnumProcessModules
GetModuleFileNameExA

Exports

Exports

ServiceMain

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3beabc0d1f02c23bdc3e7f3c4baa69d

Headers

File Characteristics

Imports

gdi32

shell32

kernel32

msvcrt

msvcp60

avicap32

wtsapi32

userenv

psapi

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 9KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 9KB

.reloc
Size: 5KB - Virtual size: 5KB