gh0strat | 8d31d9da7154e8a8527cfb47c244cb4d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d31d9da7154e8a8527cfb47c244cb4d_JaffaCakes118
Size

132KB
MD5

8d31d9da7154e8a8527cfb47c244cb4d
SHA1

f5907a00ce372c05d50c3c48200fa5a52b67a7bc
SHA256

d6be3ab13db876d4292d9e3716fb667779fee6ebd41718a04bf7ba03a5998c27
SHA512

1bc2910c32fe82bc84c144b1e48a9aca62c496b573994a6dc313d767608452c710e1d7b9764f349f1e32ce3275086b38d1de47cfaadcaa034c8e1f819592d4b2
SSDEEP

3072:ETiLbKFy5sgnD8dCAF99U0QVVqie6B0HV7:8NEsg4hFP/QVVHB

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d31d9da7154e8a8527cfb47c244cb4d_JaffaCakes118

Files

8d31d9da7154e8a8527cfb47c244cb4d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b09db23a8190e64b7b7151125d09b60f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
GetProcAddress
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
InterlockedExchange
WideCharToMultiByte
ResetEvent
lstrcpyA
CancelIo
Sleep
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
GetWindowsDirectoryA
FreeLibrary
MultiByteToWideChar
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
CreateDirectoryA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
LocalFree
LocalAlloc
RemoveDirectoryA
CreateFileA
WriteFile
ReadFile
SetFilePointer
GetModuleFileNameA
GetLastError
SetLastError
GetTickCount
CreateProcessA
GetCurrentProcess
ExitProcess
MoveFileA
DeleteFileA
GetLocalTime
GlobalFree
GlobalUnlock
GlobalSize
DeviceIoControl
GlobalMemoryStatus
OpenEventA
SetErrorMode
CreateMutexA
FreeConsole
RaiseException

msvcrt

strrchr
rename
strncpy
atoi
strncmp
_errno
fclose
fwrite
fopen
_except_handler3
wcstombs
_beginthreadex
calloc
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
free
malloc
strchr
_CxxThrowException
strstr
_ftol
ceil
memmove
__CxxFrameHandler
strncat
??3@YAXPAX@Z
_strnicmp
??2@YAPAXI@Z
_strnset

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvfw32

ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSendMessage
ICSeqCompressFrameStart
ICSeqCompressFrame
ICOpen

Exports

Exports

RunDllMain
ServiceInstall
ServiceMain

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b09db23a8190e64b7b7151125d09b60f

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

msvfw32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB