gh0strat | 72140e1df4921c0b225af1f9c9fc7fb7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

72140e1df4921c0b225af1f9c9fc7fb7_JaffaCakes118
Size

19.1MB
MD5

72140e1df4921c0b225af1f9c9fc7fb7
SHA1

eccb70adb9f7f332f048ccf12886eaba72c89816
SHA256

9f7a1299a368d321513cdaee99e7304bbc5d64defd08e75b2ab919dcc63edba1
SHA512

59aa1b2581eca4a9b2677ddf34735dc34e005b5b169cf6b259a59ef56c717443d43a4efe54e46b90df3831942f5cd46458ff106b3dd1f776647b80f4ac398ede
SSDEEP

6144:zhZbPrRJktgWPF7HTBlWnlQ3WPF7HTBlWnlq:zjPrItX7HT3x47HT3V

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72140e1df4921c0b225af1f9c9fc7fb7_JaffaCakes118

Files

72140e1df4921c0b225af1f9c9fc7fb7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?COMToCRBvr@@YGPAVCRBvr@@PAUIUnknown@@@Z
?CRAbs@@YGPAVCRNumber@@PAV1@@Z
?CRAcos@@YGPAVCRNumber@@PAV1@@Z
?CRAcquireGCLock@@YG_NXZ
?CRAdd@@YGPAVCRNumber@@PAV1@0@Z
?CRAdd@@YGPAVCRPoint2@@PAV1@PAVCRVector2@@@Z
?CRAdd@@YGPAVCRPoint3@@PAV1@PAVCRVector3@@@Z
?CRAdd@@YGPAVCRVector2@@PAV1@0@Z
?CRAdd@@YGPAVCRVector3@@PAV1@0@Z
?CRAddBvrToRun@@YG_NPAVCRView@@PAVCRBvr@@_NPAJ@Z
?CRAddElement@@YGJPAVCRArray@@PAVCRBvr@@K@Z
?CRAddPickData@@YGPAVCRGeometry@@PAV1@PAUIUnknown@@_N@Z
?CRAddPickData@@YGPAVCRImage@@PAV1@PAUIUnknown@@_N@Z
?CRAddRefGC@@YG_NPAX@Z
?CRAddSite@@YG_NPAVCRSite@@@Z
?CRAlways@@YGPAVCREvent@@XZ
?CRAmbientColor
?CRAmbientLight@@YGPAVCRGeometry@@XZ
?CRAnd@@YGPAVCRBoolean@@PAV1@0@Z
?CRAndEvent@@YGPAVCREvent@@PAV1@0@Z
?CRAntiAliasing
?CRAntiAliasing@@YGPAVCRLineStyle@@PAV1@N@Z
?CRAppTriggeredEvent@@YGPAVCREvent@@XZ
?CRApplyDXTransform@@YGPAVCRDXTransformResult@@PAUIUnknown@@JPAPAVCRBvr@@PAV3@@Z
?CRAqua@@YGPAVCRColor@@XZ
?CRArc@@YGPAVCRPath2@@NNNN@Z
?CRArcRadians@@YGPAVCRPath2@@NNNN@Z
?CRArcRadians@@YGPAVCRPath2@@PAVCRNumber@@000@Z
?CRAsin@@YGPAVCRNumber@@PAV1@@Z
?CRAtan2
?CRAtan@@YGPAVCRNumber@@PAV1@@Z
?CRAttachData@@YGPAVCREvent@@PAV1@PAVCRBvr@@@Z
?CRBSpline
?CRBillboard@@YGPAVCRGeometry@@PAV1@PAVCRVector3@@@Z
?CRBlack@@YGPAVCRColor@@XZ
?CRBlendTextureDiffuse
?CRBlue@@YGPAVCRColor@@XZ
?CRBold@@YGPAVCRFontStyle@@PAV1@@Z
?CRBoundingBox
?CRBoundingBox@@YGPAVCRBbox2@@PAVCRImage@@@Z
?CRBoundingBox@@YGPAVCRBbox3@@PAVCRGeometry@@@Z
?CRBvrApplyPreference@@YGPAVCRBvr@@PAV1@PAGUtagVARIANT@@@Z
?CRBvrToCOM@@YG_NPAVCRBvr@@ABU_GUID@@PAPAX@Z
?CRCeiling
?CRClearLastError@@YGXXZ
?CRClearMatte@@YGPAVCRMatte@@XZ
?CRClip@@YGPAVCRImage@@PAV1@PAVCRMatte@@@Z
?CRClipPolygonImage@@YGPAVCRImage@@PAV1@PAVCRArray@@@Z
?CRClose@@YGPAVCRPath2@@PAV1@@Z
?CRColorHsl

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 12KB - Virtual size: 15KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 12KB - Virtual size: 15KB

.reloc
Size: 8KB - Virtual size: 6KB