gh0strat | 828e25b7671e8d172440994dc1639652_JaffaCakes118

General

Target

828e25b7671e8d172440994dc1639652_JaffaCakes118
Size

102KB
MD5

828e25b7671e8d172440994dc1639652
SHA1

961a51778ffeac1c7f447c1230d45147c0d2d6b8
SHA256

b4e402049de6eaacb831449cc967d57ad1502e5d3ad64449a8060d00816551a8
SHA512

b9007d7f0b7791e9a4f3dc71f8c79c431db480e1e028e8dbec381054b9876f69eab777df8011fa40cc6d72f87d5ddfd065899ba76e3f3c0ed79eca63bfa118d9
SSDEEP

3072:mVc8LGiMPBEzjXS0edP8WZw6MKrsTw+skpXHilO:mVc8CilzjXS0elLwbK0w+7pXC4

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
828e25b7671e8d172440994dc1639652_JaffaCakes118

Files

828e25b7671e8d172440994dc1639652_JaffaCakes118
.exe windows:0 windows x86 arch:x86

4ba7369df68a153d6a33a58c57a8fa5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
Sleep
GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
ExpandEnvironmentStringsA
GetLastError
SetLastError
lstrcmpiA
lstrlenA
lstrcpyA
FindResourceA
LoadResource
LockResource
SizeofResource
ExitProcess
lstrcatA
GetCurrentThreadId

user32

DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
PostThreadMessageA
GetInputState
wsprintfA

advapi32

RegCloseKey
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
StartServiceA
OpenServiceA
RegOpenKeyExA

msvcrt

__CxxFrameHandler
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_except_handler3
strchr
fclose
fwrite
fopen
??2@YAPAXI@Z
_CxxThrowException
strstr
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ba7369df68a153d6a33a58c57a8fa5c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 6KB - Virtual size: 6KB

.rsrc Size: 95KB - Virtual size: 94KB

.text
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 95KB - Virtual size: 94KB