gh0strat | 6f87aa83deb31082116e7b50353353d3_JaffaCakes118

General

Target

6f87aa83deb31082116e7b50353353d3_JaffaCakes118
Size

91KB
MD5

6f87aa83deb31082116e7b50353353d3
SHA1

4b12d2b09b96dbb6cbd68af96a3e4c5ad73a20ad
SHA256

5be302c34153dfc3f8060fac5939808e0983e9279142d9f1a8f445649b75931b
SHA512

d8b4d14f880d90efab64450616e62bce71a6101e5167b7504f58b174e3cda837d273c2dae55cb683fe73b124844fb4182d6536e8573373292a5b127df81a203d
SSDEEP

1536:dWKNcA/++lV3cgccUjBfqLqVmWaWQWo0Zdc8t54:gKNcARlFcgcnjxqLqVha3Wo0Zdc8t5

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f87aa83deb31082116e7b50353353d3_JaffaCakes118

Files

6f87aa83deb31082116e7b50353353d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

836d74def91b1b56199d70dd4371eafd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrlenA
CreateEventA
ResetEvent
SetEvent
Sleep
lstrcatA
GetLocalTime
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA

msvcrt

_beginthreadex
calloc
_exit
_XcptFilter
exit
_acmdln
__getmainargs
printf
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strchr
atoi
rename
strrchr
_except_handler3
free
_initterm
malloc
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
ceil
memmove
??3@YAXPAX@Z
_strrev

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ujyhkuy
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

836d74def91b1b56199d70dd4371eafd

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

Sections

.text Size: 71KB - Virtual size: 70KB

.ujyhkuy Size: 1KB - Virtual size: 1KB

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 71KB - Virtual size: 70KB

.ujyhkuy
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 17KB