gh0strat | 8695d813801775bd9731f591347feac7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8695d813801775bd9731f591347feac7_JaffaCakes118
Size

80KB
MD5

8695d813801775bd9731f591347feac7
SHA1

167868d55666c2b5ce03b6bd662e268bf030025d
SHA256

3034bb9a3fbd701106e2ce9eaba653e5ceb4f2bb1418cd0cadae38d06bc5917b
SHA512

86a1f4144197341a6bca85e157e6234a49577386765a639f0d65fbec01e2cbcb4ba87708aeb4c2ded78166af366034c460afe44ca5ab6d30560efb123d861d23
SSDEEP

1536:sv8RGuEiUroqjuOCeYcc1txfGPOZf1Yqo2Xobn0:sveYzro7OJYcmthGPOh1Yqo2Xobn0

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8695d813801775bd9731f591347feac7_JaffaCakes118

Files

8695d813801775bd9731f591347feac7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

83ea78ade1a60a97a458c43fe738b282

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
MapViewOfFile
CreateFileMappingA
HeapAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetVersionExA
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
LocalSize
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
EnterCriticalSection
HeapFree
GetLocalTime
UnmapViewOfFile
TerminateThread
GetTickCount
MoveFileExA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
SetEvent
InterlockedExchange
CancelIo
WaitForSingleObject
CreateEventA
CloseHandle
ResetEvent
lstrcpyA
Sleep
FindClose
FindFirstFileA
CreateFileA
WriteFile
SetFilePointer
MoveFileA
lstrlenA
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceExA
LeaveCriticalSection
GetVolumeInformationA
GetLogicalDriveStringsA
LocalFree
FindNextFileA
LocalReAlloc
LocalAlloc
RemoveDirectoryA
GetFileSize
ReadFile
SetLastError
GetModuleFileNameA
OpenProcess
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
CreateProcessA
GetSystemDirectoryA
lstrcatA

user32

GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
PostMessageA
GetCursorInfo
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
GetClipboardData
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
CharNextA
GetCursorPos
SetProcessWindowStation
wsprintfA
UnhookWindowsHookEx
GetWindowTextA
OpenDesktopA
GetActiveWindow
GetKeyNameTextA
CallNextHookEx
SetWindowsHookExA
BlockInput
LoadCursorA
DestroyCursor
SystemParametersInfoA
keybd_event
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SendMessageA

gdi32

DeleteDC
DeleteObject
GetDIBits
CreateDIBSection
SelectObject
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueA
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyA
RegQueryValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegCreateKeyA
RegSetValueExA
RegCloseKey

shell32

SHGetFileInfoA

shlwapi

SHDeleteKeyA

msvcrt

strncpy
strrchr
strncat
strchr
realloc
atoi
wcstombs
malloc
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
free
_CxxThrowException
__CxxFrameHandler
??2@YAPAXI@Z
strstr
_ftol
ceil
memmove
_strcmpi
_beginthreadex
??3@YAXPAX@Z
_strnicmp
_except_handler3

ws2_32

recv
ntohs
select
htons
send
gethostname
getsockname
socket
connect
WSAIoctl
WSACleanup
WSAStartup
setsockopt
closesocket
gethostbyname

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringA

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

avicap32

capGetDriverDescriptionA

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

ServiceMain
comzend
tenzend

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83ea78ade1a60a97a458c43fe738b282

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

ws2_32

msvcp60

imm32

wininet

avicap32

psapi

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB