gh0strat | 96b28607db6f667081494b65c8f023a3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

96b28607db6f667081494b65c8f023a3_JaffaCakes118
Size

152KB
MD5

96b28607db6f667081494b65c8f023a3
SHA1

2b0ec7ff61b4db0dd9e3ba1932c5169e2c857266
SHA256

ad76300f5bf46b4e0d7ff4b390dbb5a4a9b20bd0dab9559ef35bca6aca6366f6
SHA512

9275e938a9d2ef08e3399c83f554c298afe8dd77a8bdf93500bb63e7bdbaf58a6f0f3a9e151eff70a0c3e16e55520896fe35d55020ecf5fda4a85b545a2c8470
SSDEEP

3072:KtsfFzEKUHSaFRQWw270zot0iUulzQTBftz2WdK3HVV:esN1iwc7dt0EzQTBlz2Wd

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96b28607db6f667081494b65c8f023a3_JaffaCakes118

Files

96b28607db6f667081494b65c8f023a3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d40335d2cc0733efb4627009eef07271

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString

user32

GetCursorInfo
LoadCursorA
CloseWindowStation
DestroyWindow
CreateWindowExA
wvsprintfA
GetWindowRect
ShowWindow
GetWindow
GetClassNameA
MessageBoxA
wsprintfA
DestroyCursor

shlwapi

StrStrIA

kernel32

RemoveDirectoryA
RaiseException
VirtualAlloc
VirtualFree
LeaveCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
GetExitCodeProcess
ExitProcess
IsBadStringPtrW
IsBadReadPtr
ExitThread
LoadLibraryA
DeleteFileA
GlobalMemoryStatusEx
Sleep
GetCurrentThreadId
CloseHandle
lstrcmpiA
lstrcpyA
GetTempFileNameA
lstrcatA
lstrlenA
MultiByteToWideChar
FreeLibrary
GetProcAddress
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetVersionExA
ExpandEnvironmentStringsA
VirtualQuery
GetModuleHandleA
GetCurrentProcessId
GetTickCount
GetSystemDirectoryA
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetLastError
GetModuleFileNameA
LocalFree
LocalReAlloc
LocalAlloc
LocalSize
GetCurrentProcess
InterlockedExchange
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
IsBadWritePtr
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
HeapAlloc
GetSystemInfo
GetProcessTimes

userenv

GetUserProfileDirectoryA
GetProfilesDirectoryA

iphlpapi

GetAdaptersInfo

ws2_32

getsockname
setsockopt
closesocket
WSAStartup
listen
gethostname
WSACleanup
bind
socket
connect
accept
send
ioctlsocket
__WSAFDIsSet
select
recv
shutdown
gethostbyname
WSAIoctl

msvcrt

wcstombs
strrchr
malloc
??1type_info@@UAE@XZ
_onexit
__dllonexit
_adjust_fdiv
_initterm
_memicmp
_wcsicmp
_strupr
_strlwr
ceil
memmove
strncat
_CxxThrowException
__CxxFrameHandler
strchr
atoi
strncpy
wcslen
wcsrchr
_except_handler3
_beginthreadex
_ftol
srand
rand
free
realloc
??2@YAPAXI@Z
??3@YAXPAX@Z
strstr

Exports

Exports

INTERNAL__AsyncBinaryTrace
INTERNAL__AsyncStringTrace
INTERNAL__DebugAssert
INTERNAL__FlushAsyncTrace
INTERNAL__InitAsyncTrace
INTERNAL__SetAsyncTraceParams
INTERNAL__TermAsyncTrace

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d40335d2cc0733efb4627009eef07271

Headers

File Characteristics

Imports

oleaut32

user32

shlwapi

kernel32

userenv

iphlpapi

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB