gh0strat | 62ad9406acad7e6dcc34d9dcfdbf3124_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

62ad9406acad7e6dcc34d9dcfdbf3124_JaffaCakes118
Size

95KB
MD5

62ad9406acad7e6dcc34d9dcfdbf3124
SHA1

f27eb00b6029c730f49317eed58ecf43fc19216f
SHA256

42c58eb15fabaa71dd6406d7348969ebf66f25817db10c395c32cc7fca514286
SHA512

6ccb1357fd2f0abfbf0dbe9262f936e968d20aa1133e41404986c375272656a06de01d1dceb2cd787d522652873f2c34408ff2cc6116e8d6277778c19218484c
SSDEEP

1536:BySFXAWa6KF/gN7nb1AG6zYvhJN4VcYCEf96UFKVztEWIz1C:BySFQjBMb1Z354VLC296UFKVztEWI

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62ad9406acad7e6dcc34d9dcfdbf3124_JaffaCakes118

Files

62ad9406acad7e6dcc34d9dcfdbf3124_JaffaCakes118
.dll windows:4 windows x86 arch:x86

38f5c1ebb7544ca2d6339b81f2011a86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt
GetDIBits
CreateCompatibleBitmap

msvcrt

_strlwr
memchr
strrchr
_except_handler3
_strdup
free
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
strstr
strncpy
strncat
strchr
realloc
atoi
rename
wcstombs
_beginthreadex
calloc
??1type_info@@UAE@XZ
__dllonexit
_onexit
malloc
_ftol
ceil
memmove
??3@YAXPAX@Z
_strnicmp
_stricmp
_strcmpi

kernel32

RaiseException
GetCurrentThreadId
lstrcmpiA
Process32First
Process32Next
LocalSize
SetUnhandledExceptionFilter
SetErrorMode
OpenEventA
ReleaseMutex
FreeConsole
OpenProcess
CreateToolhelp32Snapshot
GetVersionExA
GlobalMemoryStatus
WaitForMultipleObjects
PeekNamedPipe
DisconnectNamedPipe
CreatePipe
GetStartupInfoA
GlobalSize
GlobalAlloc
GlobalLock
FreeLibrary
GetProcAddress
LoadLibraryA
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
SetEvent
InterlockedExchange
CancelIo
Sleep
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
lstrlenA
lstrcatA
GetTempPathA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
CreateMutexA
FormatMessageA
OpenMutexA
OutputDebugStringA
CopyFileA
SetLastError
GetCurrentProcess
WriteProcessMemory
GetTickCount
GetSystemDirectoryA
GetLocalTime
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
HeapAlloc
UnmapViewOfFile
GlobalFree
GlobalUnlock

msvcp60

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

imm32

ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext

Exports

Exports

ATmpFun
TestFun
pServiceMain

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38f5c1ebb7544ca2d6339b81f2011a86

Headers

File Characteristics

Imports

gdi32

msvcrt

kernel32

msvcp60

imm32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 8B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 8B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 5KB - Virtual size: 4KB