gh0strat | 851498d73870456814db96c82314bc19_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

851498d73870456814db96c82314bc19_JaffaCakes118
Size

520KB
MD5

851498d73870456814db96c82314bc19
SHA1

6786e2cbc78d0cd6b627ce905b8d9853e572d430
SHA256

9f49ff22719460b59c582247fc9316eaaff4f9c8f384f006528a3d17911a2a05
SHA512

89701946ff050fae58e2b164cd40efeea2d5835db03ae959099b303c1816ab1f9038531a8eec52afec552a05d01065a9d0bcc537c567376521cafca028c9d351
SSDEEP

12288:bzTOjvJFAgBv3r+TMPpCNWyFuusi/31L1XlM5rYT3Pki:bzSlFAgBv3r+TMPpC3F5sE31L1XlM5Mp

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
851498d73870456814db96c82314bc19_JaffaCakes118

Files

851498d73870456814db96c82314bc19_JaffaCakes118
.dll windows:4 windows x86 arch:x86

19c0a28dbeefa26b43c62bf5f70968a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
GetProcAddress
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
WideCharToMultiByte
ResetEvent
lstrcpyA
InterlockedExchange
Sleep
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
GetWindowsDirectoryA
FreeLibrary
MultiByteToWideChar
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
CreateDirectoryA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
LocalFree
LocalAlloc
RemoveDirectoryA
CreateFileA
WriteFile
ReadFile
SetFilePointer
GetLastError
GetTickCount
CreateProcessA
ExitThread
SleepEx
ExitProcess
MoveFileA
LocalReAlloc
LocalSize
GlobalFree
GlobalUnlock
GlobalSize
GetCurrentProcess
OutputDebugStringA
DeviceIoControl
GlobalMemoryStatus
GetLocalTime
RaiseException

msvcrt

free
_except_handler3
strrchr
rename
strncpy
atoi
strncmp
_errno
fclose
fwrite
fopen
puts
malloc
wcstombs
_beginthreadex
sprintf
vsprintf
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
strchr
_CxxThrowException
printf
_purecall
strstr
_ftol
ceil
memmove
__CxxFrameHandler
strncat
??3@YAXPAX@Z
??2@YAPAXI@Z
_strnicmp
_strupr

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

Exports

Exports

RunDllMain
ServiceMain

Sections

.text
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19c0a28dbeefa26b43c62bf5f70968a0

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 420KB - Virtual size: 419KB

.rodata Size: 12KB - Virtual size: 10KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 8KB - Virtual size: 472KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 420KB - Virtual size: 419KB

.rodata
Size: 12KB - Virtual size: 10KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 8KB - Virtual size: 472KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 20KB - Virtual size: 19KB