gh0strat | 78696fd49fd7a92341b885a35f0449f6_JaffaCakes118

General

Target

78696fd49fd7a92341b885a35f0449f6_JaffaCakes118
Size

364KB
MD5

78696fd49fd7a92341b885a35f0449f6
SHA1

7f6ef8c71ef0cd9fc5e5f847d9f7bfde04473d62
SHA256

0a57d301ba5a7d58dbe754c474a46a2a150b133f0431f3f8362a23c894b1ffe7
SHA512

f16f9ee27e1988401bc91c10c273b6f344c5a7aa674c036cbf86e058609b8b0ed79c37a8dd83442607639a827aad113475379832b2bafa1b778a74c536be8561
SSDEEP

6144:WFexWmxva4uSCXqsXGSXhIt7QboSlNw+FzBqQYeqoNeqor:Da5RvXh+js5FtqQd8f

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78696fd49fd7a92341b885a35f0449f6_JaffaCakes118

Files

78696fd49fd7a92341b885a35f0449f6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

30fb115d31cbbc6bcae0d0062eec5be7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
ReadProcessMemory
GetThreadContext
CreateProcessA
ExitProcess
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
DeleteFileA
FreeResource
lstrlenA
SizeofResource
SetFileTime
LocalFileTimeToFileTime
FindFirstFileA
lstrcatA
GetSystemDirectoryA
CreateFileA
SetLastError
GetWindowsDirectoryA
WriteFile
SetFilePointer
Sleep
ReadFile
lstrcmpiA
GetLocalTime
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateDirectoryA
GetFileAttributesA
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCommandLineA
GetCurrentThreadId
GetStartupInfoA
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary

msvcrt

strlen
__CxxFrameHandler
_CxxThrowException
strchr
??3@YAXPAX@Z
rand
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
??2@YAPAXI@Z
_except_handler3
memcpy
malloc
realloc

ntdll

ZwUnmapViewOfSection

netapi32

NetApiBufferFree
NetUserGetLocalGroups

Exports

Exports

heiyuxhj

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30fb115d31cbbc6bcae0d0062eec5be7

Headers

File Characteristics

Imports

kernel32

msvcrt

ntdll

netapi32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rsrc Size: 244KB - Virtual size: 248KB

.text
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 244KB - Virtual size: 248KB