gh0strat | 763584f1bb8c5c94e7a45fe9a772b5aa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

763584f1bb8c5c94e7a45fe9a772b5aa_JaffaCakes118
Size

152KB
MD5

763584f1bb8c5c94e7a45fe9a772b5aa
SHA1

07f610f304488be284ff4b337b897e5d3145b276
SHA256

08edfb30d02ae41815bbcce0bbb890785d91c21dea924a376970577131f1e121
SHA512

caa884702792cc16b81d8d5a186cc13aca66a6aa0c717e6560a9f413cb451fb980147f963b5fa03792aa44737c0f6c824b0ec2ea20fcab8bc32197e58800168e
SSDEEP

3072:HBX+cnSzE4NVCYv4zrO7+ViswtzSvSIkidTBftDkABdbDBP:NrmhW1ViswtKSIkidTBlDkobl

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
763584f1bb8c5c94e7a45fe9a772b5aa_JaffaCakes118

Files

763584f1bb8c5c94e7a45fe9a772b5aa_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bac4a74ce3f777d6f8125a0c6c432dc9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
lstrcmpiA
lstrcpyA
GetVersionExA
GetCurrentThreadId
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
lstrlenA
GetSystemInfo
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
GetLastError
FreeLibrary
GlobalFree
GlobalAlloc
GetProcAddress
GetModuleHandleA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
Sleep
VirtualFree
DeleteFileA
RemoveDirectoryA
ExitThread
GetShortPathNameA
GetModuleFileNameA
IsBadReadPtr
IsBadStringPtrW
LocalFree
LocalReAlloc
LocalSize
LocalAlloc
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
VirtualQuery
IsBadWritePtr
InterlockedExchange
ExpandEnvironmentStringsA
lstrcmpA
GlobalUnlock
GlobalLock
GlobalSize
MapViewOfFile
CreateFileMappingA
InitializeCriticalSection
LeaveCriticalSection
VirtualAlloc
WideCharToMultiByte
GetCurrentProcessId
GetFileAttributesExA
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
ExitProcess
RaiseException
LoadLibraryA

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString

user32

DestroyCursor
LoadCursorA
GetWindowRect
EnableWindow
ShowWindow
GetWindow
GetCursorInfo
DestroyWindow
CreateWindowExA
MessageBoxA
wvsprintfA
CloseWindowStation
wsprintfA
GetClassNameA

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_stricmp
_strupr
_memicmp
_wcsicmp
_strlwr
_CxxThrowException
strncat
realloc
wcslen
ceil
memmove
strrchr
wcsrchr
__CxxFrameHandler
_beginthreadex
??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3
strncpy
atoi
strchr
rand
srand
_ftol
strstr
wcstombs
free
malloc

Exports

Exports

??2@YAPAXI@Z
??3@YAXPAX@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_HUGE_dll
_XcptFilter
__GetMainArgs
__argc_dll
__argv_dll
__dllonexit
__doserrno
__fpecode
__isascii
__iscsym
__iscsymf
__mb_cur_max_dll
__pxcptinfoptrs
__threadhandle
__threadid
__toascii
_abnormal_termination
_access
_acmdln_dll
_aexit_rtn_dll
_amsg_exit
_assert
_basemajor_dll
_baseminor_dll
_baseversion_dll
_beep
_beginthread
_c_exit
_cabs
_cexit
_cgets

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bac4a74ce3f777d6f8125a0c6c432dc9

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

user32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 294B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 294B

.reloc
Size: 8KB - Virtual size: 7KB