gh0strat | 66fabcf918b25e56de5cd54e75d60002_JaffaCakes118

General

Target

66fabcf918b25e56de5cd54e75d60002_JaffaCakes118
Size

154KB
MD5

66fabcf918b25e56de5cd54e75d60002
SHA1

5d2ca1780f54d37dda36019b3e88a01f4dfc5470
SHA256

d0b3cdd5d01a74f3caf44ec71df25f0949e88d180ed0762ea90f7ee2a8f736cd
SHA512

19a47801f883e8b6fa6c2ebb4339bff5267de0fb8b2f171d07a825c07d338050ac9d1122a66378b7fc13609843f58a6acde55547a02a2f4b13b4e84db76ca63a
SSDEEP

3072:xSKsOFNNR8r3yQrtRk05zn/GEa5y0RUVsdWsO0uTtZeMVkvlv:bsUNGr3yQQ0J/GEkGsET0atZeMavx

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66fabcf918b25e56de5cd54e75d60002_JaffaCakes118

Files

66fabcf918b25e56de5cd54e75d60002_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6b7842d85a19261f7cd298e6aa606070

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcAddress
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetLastError
lstrcatA
ExitProcess
DeleteFileA
SetFileAttributesA
MoveFileA
FreeResource
CloseHandle
lstrlenA
WriteFile
SizeofResource
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
LoadResource
FindResourceA
GetTickCount
GetTempPathA
FreeLibrary
LoadLibraryA
ReadFile
SetFilePointer
GetModuleFileNameA
lstrcmpiA
SetLastError
lstrcpyA
GetFileAttributesA
lstrcmpA
Sleep
GetWindowsDirectoryA
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
ReleaseMutex
WinExec
CreateMutexA
GetCommandLineA
GetCurrentThreadId
LocalAlloc
InterlockedExchange
RaiseException
RtlUnwind
HeapReAlloc
GetStartupInfoA
GetVersion
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
TlsSetValue
TlsAlloc
TlsGetValue
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
InterlockedDecrement
InterlockedIncrement
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b7842d85a19261f7cd298e6aa606070

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 49KB - Virtual size: 49KB

.rsrc Size: 104KB - Virtual size: 103KB

.text
Size: 49KB - Virtual size: 49KB

.rsrc
Size: 104KB - Virtual size: 103KB