gh0strat | 78348683653ad6c1ea8f6a24420d4493_JaffaCakes118

General

Target

78348683653ad6c1ea8f6a24420d4493_JaffaCakes118
Size

196KB
MD5

78348683653ad6c1ea8f6a24420d4493
SHA1

cc71e251226010fb31d5236de07cd476b5ed79b6
SHA256

d55f11ffaf77fabd5b3a86bb990f48365d5de23eceea7ae708d1268d16fb1762
SHA512

8dde79009e175d479273bb2f3d00103953aa4559982405d97fb072889675d128e6ad8e69787143a4b2c73bb96199e40f5efb148e11833ac07f144c33be36f882
SSDEEP

6144:WhtwHBZkkaj8CkIGkpQeqaiPL+16X7vJn:WjwtJdkpLiPLJt

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78348683653ad6c1ea8f6a24420d4493_JaffaCakes118

Files

78348683653ad6c1ea8f6a24420d4493_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0fc3980aa8ce53c15fc6b5443ddaaf14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
CreateProcessA
GetStartupInfoA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
lstrlenA
ReadProcessMemory
GetCurrentProcess
LocalFree
RtlFillMemory
LocalAlloc
RtlMoveMemory
lstrcpyn
LocalSize
WaitForSingleObject
GetModuleHandleA

user32

ShowWindow
UpdateWindow
EnableWindow
IsWindow
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateWindowExA
PostQuitMessage
GetWindowLongA
SetWindowLongA
IntersectRect
EqualRect
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
SetWindowRgn
SetWindowPos
MessageBoxA
wsprintfA
GetWindowRect
CallWindowProcA
ReleaseDC
FillRect
GetSysColor
GetDC
DefWindowProcA
TrackMouseEvent
SendMessageA
GetParent
InvalidateRect
EndPaint
BeginPaint
MoveWindow
LoadCursorA
LoadIconA
RegisterClassExA
GetClassInfoExA
IsWindowVisible

gdi32

GetObjectA
BitBlt
DeleteDC
CreateSolidBrush
StretchBlt
CreatePatternBrush
DeleteObject
SetBkColor
TextOutA
SetTextColor
CreateDIBitmap
CreateRectRgn
GetPixel
CombineRgn
CreateCompatibleDC
SelectObject

msimg32

TransparentBlt

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0fc3980aa8ce53c15fc6b5443ddaaf14

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 120KB - Virtual size: 116KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 120KB - Virtual size: 116KB