gh0strat | 64012f7c0cf41988fc5acc1da43c8761_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64012f7c0cf41988fc5acc1da43c8761_JaffaCakes118
Size

257KB
MD5

64012f7c0cf41988fc5acc1da43c8761
SHA1

c94aecc9ce945c1d681cc801667def00d5f7ea3a
SHA256

b14b2e395c1fc2814c0e136f2b18611c0d1acf91d55cd845a42f9a321d6f9206
SHA512

e22bbc5375614d363e1861844ffa30e2109dfb4406f73bbdf1102f9a2bbc6f34adb231b5d5e4bc60d0c3355ddc0641dee29771035c9af4ef3d212f238b99893e
SSDEEP

6144:rACzUatLG3WlV9DNYVEHyvF3TBlsnob6y:vQaQoVQyHUF3T3vn

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

64012f7c0cf41988fc5acc1da43c8761_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b2e9ff49c9d76c53ef8c4e7cdf6ca830

Code Sign

59:8a:f6:c8:cd:16:18:77:bd:c1:38:15:9d:fb:b2:1b
Certificate

Issuer

CN=VeriSign Time Stamping Services Signer - G2

Not Before

19/05/2011, 14:36

Not After

31/12/2039, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2

08:be:f3:f0:09:88:ef:b6:44:43:fe:2b:a7:9b:51:b9
Certificate

Issuer

CN=VeriSign Time Stamping Services Signer - G2

Not Before

19/05/2011, 14:36

Not After

31/12/2039, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd

9f:6d:9f:e3:2e:89:87:22:50:53:b5:5c:ab:62:4c:a2:3a:fe:06:04
Signer

Actual PE Digest

9f:6d:9f:e3:2e:89:87:22:50:53:b5:5c:ab:62:4c:a2:3a:fe:06:04

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
GetProcAddress
LoadLibraryA
lstrcmpiA
GetCurrentProcess
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
CreateThread
GetCurrentThreadId
LoadResource
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
GetWindowsDirectoryA
lstrcatA
SetFilePointer
lstrlenA
IsBadCodePtr
IsBadReadPtr
CreateFileA
CloseHandle
FreeResource
Sleep
GetStringTypeW
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetLastError
FlushFileBuffers

user32

GetInputState
PostThreadMessageA
GetMessageA
PostMessageA
GetTopWindow
GetWindow
GetClassNameA
GetWindowTextA
ShowWindow
FindWindowExA
GetDesktopWindow

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteA
ShellExecuteExA

crypt32

CertAddCertificateContextToStore
CertCreateCertificateContext
CertOpenStore
CertOpenSystemStoreA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2e9ff49c9d76c53ef8c4e7cdf6ca830

Code Sign

59:8a:f6:c8:cd:16:18:77:bd:c1:38:15:9d:fb:b2:1bCertificate

08:be:f3:f0:09:88:ef:b6:44:43:fe:2b:a7:9b:51:b9Certificate

9f:6d:9f:e3:2e:89:87:22:50:53:b5:5c:ab:62:4c:a2:3a:fe:06:04Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

crypt32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 212KB - Virtual size: 209KB

59:8a:f6:c8:cd:16:18:77:bd:c1:38:15:9d:fb:b2:1b
Certificate

08:be:f3:f0:09:88:ef:b6:44:43:fe:2b:a7:9b:51:b9
Certificate

9f:6d:9f:e3:2e:89:87:22:50:53:b5:5c:ab:62:4c:a2:3a:fe:06:04
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 212KB - Virtual size: 209KB