gh0strat | 83db659b096556f78aab4e4715e633b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

83db659b096556f78aab4e4715e633b2_JaffaCakes118
Size

128KB
MD5

83db659b096556f78aab4e4715e633b2
SHA1

9bcf71a0a5e7c6e8342a1c8de85abee8d88d6c5f
SHA256

0d3daf79b82dda3fb75e939bf274e387091782ca221f6c2340e2ec5c387a023e
SHA512

0d13970c86cae0d57d20b3c7577b3197bae3a9269f8e5e20c38450fc743bff858ea2f2772b051c92c2bd32713e1d463835d78676fa7bbe8decb66b24103d118e
SSDEEP

3072:X80YpOx+nSCqq6cJwvvWzyhPXXjcnicUJvIHGqHI:XZYpOwnSCCcJSLPjuWJv3

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

83db659b096556f78aab4e4715e633b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

77839b3d31ec7675ab3154bc3225637b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:8b:d7:e8:bb:92:7c:a9:65:11:90:8a:d9:41:d0:28
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/02/2008, 00:00

Not After

13/03/2009, 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

76:d1:da:84:ca:c5:ed:cd:78:b8:d4:48:9a:6e:0d:b4:b4:4c:08:7e
Signer

Actual PE Digest

76:d1:da:84:ca:c5:ed:cd:78:b8:d4:48:9a:6e:0d:b4:b4:4c:08:7e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
Process32Next
GetTempPathA
Process32First
CreateToolhelp32Snapshot
SetFileAttributesA
DeleteFileA
CopyFileA
CreateDirectoryA
MoveFileA
CreateFileA
SetUnhandledExceptionFilter
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
CreateThread
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
SetFilePointer
ReadFile
GetSystemDirectoryA
lstrcatA
GetLastError
SetLastError
GetProcAddress
lstrcmpiA
lstrcpyA
LoadResource
SetFileTime
SizeofResource
WriteFile
lstrlenA
CloseHandle
FreeResource
ExitProcess
GetWindowsDirectoryA
LoadLibraryA
GetFileAttributesA

user32

wsprintfA
PostThreadMessageA
GetInputState
GetMessageA

advapi32

OpenSCManagerA
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA

shell32

ShellExecuteA

msvcrt

_exit
_strrev
strtok
??2@YAPAXI@Z
strchr
__CxxFrameHandler
_CxxThrowException
realloc
malloc
_except_handler3
??3@YAXPAX@Z
fclose
fputs
fopen
strstr
??1type_info@@UAE@XZ
_strcmpi
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77839b3d31ec7675ab3154bc3225637b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

77:8b:d7:e8:bb:92:7c:a9:65:11:90:8a:d9:41:d0:28Certificate

Extended Key Usages

Key Usages

76:d1:da:84:ca:c5:ed:cd:78:b8:d4:48:9a:6e:0d:b4:b4:4c:08:7eSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 113KB - Virtual size: 116KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

77:8b:d7:e8:bb:92:7c:a9:65:11:90:8a:d9:41:d0:28
Certificate

76:d1:da:84:ca:c5:ed:cd:78:b8:d4:48:9a:6e:0d:b4:b4:4c:08:7e
Signer

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 113KB - Virtual size: 116KB