gh0strat | 630767c2cd3279c44ab58243d2b33fc9_JaffaCakes118

General

Target

630767c2cd3279c44ab58243d2b33fc9_JaffaCakes118
Size

123KB
MD5

630767c2cd3279c44ab58243d2b33fc9
SHA1

be85d7bdaef76d56c7cf3d7214db9a76b289f46d
SHA256

901a404d7287e86cfe177eedf206dd2517e1b7ad3bd1928ba42a0c3cb9ce673a
SHA512

60a97accde578fc4d2677f45bd1676b73e7f74f87e4665c40ed720e29747130bccf7799611ddbeb17188de0bd3c9de77def9109796e09eaff77cccd78ba251fe
SSDEEP

3072:+C8FOZE0Eq0oJqRqN1tc6D1bPxrHiSNoSwTfkI:+C8FOC0EqPJqMTPBxTKSwD

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
630767c2cd3279c44ab58243d2b33fc9_JaffaCakes118

Files

630767c2cd3279c44ab58243d2b33fc9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8ffe0ee99bb3bf6afa8c26f14b1fa212

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
SetFileAttributesA
CopyFileA
CreateDirectoryA
MoveFileA
GetTempPathA
Process32Next
Process32First
SetUnhandledExceptionFilter
CreateFileA
ReleaseMutex
CreateMutexA
GetCommandLineA
GetSystemDirectoryA
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
SetFilePointer
ReadFile
DeleteFileA
GetFileAttributesA
lstrcatA
GetLastError
SetLastError
lstrcmpiA
FreeLibrary
lstrcpyA
LoadResource
SetFileTime
SizeofResource
lstrlenA
CloseHandle
ExitProcess
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
Sleep

user32

wsprintfA
PostThreadMessageA
GetInputState
GetMessageA

advapi32

OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA

shell32

ShellExecuteA

msvcrt

_exit
_strrev
strtok
??2@YAPAXI@Z
strchr
__CxxFrameHandler
_CxxThrowException
realloc
malloc
_except_handler3
??3@YAXPAX@Z
fclose
fputs
fopen
strstr
??1type_info@@UAE@XZ
_strcmpi
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ffe0ee99bb3bf6afa8c26f14b1fa212

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 9KB - Virtual size: 9KB

.rsrc Size: 113KB - Virtual size: 112KB

.text
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 113KB - Virtual size: 112KB