gh0strat | 73f23ea465ddfeca7cd7f9cf035bd2b1_JaffaCakes118

General

Target

73f23ea465ddfeca7cd7f9cf035bd2b1_JaffaCakes118
Size

83KB
MD5

73f23ea465ddfeca7cd7f9cf035bd2b1
SHA1

f34d0f9dccea3ab4df856afe34a8ef5a36e2792e
SHA256

8daf2fc962e24eda73844057a9d8a627e0dded9de86e2f292d65d5ef4c8033b1
SHA512

430eea73f3b9bdeb4425267e530cc45085fb365f53c0baf10661856d2f117aee29c781e2253fc06e74e0714a661b1351f90a0b782458fd32da9e812813b0a3c8
SSDEEP

1536:495sxVh8BHWztqYZm09qc4vJfsq+YZg/TZqDPS5:495i2tWzlZm09qXvJsq+iMNqDPS5

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73f23ea465ddfeca7cd7f9cf035bd2b1_JaffaCakes118

Files

73f23ea465ddfeca7cd7f9cf035bd2b1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

611235d73cd5b6b5c09f874cdec6f731

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetSystemDirectoryA
ExitProcess
ReleaseMutex
SetLastError
CreateMutexA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
lstrcmpiA
FreeLibrary
GetTempPathA
GetTickCount
FindResourceA
LoadResource
SizeofResource
WriteFile
lstrlenA
FreeResource
CopyFileA
Sleep
DeleteFileA
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
CloseHandle
lstrcatA
GetLastError

user32

wsprintfA

advapi32

CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey

msvcrt

realloc
malloc
_except_handler3
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

611235d73cd5b6b5c09f874cdec6f731

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 512B

.rsrc Size: 76KB - Virtual size: 75KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 512B

.rsrc
Size: 76KB - Virtual size: 75KB