gh0strat | a0f9be1ab9ac8dd960adb4cfb3acedc5_JaffaCakes118

General

Target

a0f9be1ab9ac8dd960adb4cfb3acedc5_JaffaCakes118
Size

125KB
MD5

a0f9be1ab9ac8dd960adb4cfb3acedc5
SHA1

8d865a3c198acbd8a840acce5781bdcac35446c2
SHA256

5a5611dc5bc8c28d8bd8b517cc441e99c6304213b3fea95bd300f82e9b1159a9
SHA512

25b26ea45e011dd3848c7429eb8cd4db815ad31863d600a9e463d0ec2b48a4f2a1fa54282db39ed69bb13eff236c8dafc0031aa3582c1fc83e1e0527584f0c69
SSDEEP

3072:HsjnPa5Hnf4JvbeexLst8JCvstplpzLAIiHP5HhN:HKPaiJvbe6Ls215pXniv

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0f9be1ab9ac8dd960adb4cfb3acedc5_JaffaCakes118

Files

a0f9be1ab9ac8dd960adb4cfb3acedc5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80983fd8a8fa3a728966244b939bba39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
CreateMutexA
GetCommandLineA
SetFileAttributesA
CreateDirectoryA
GetCurrentThreadId
SetUnhandledExceptionFilter
GetStartupInfoA
GetModuleHandleA
SetFilePointer
ReadFile
GetSystemDirectoryA
lstrcatA
GetLastError
SetLastError
lstrcmpiA
lstrcpyA
FindResourceA
LoadResource
CreateFileA
GetProcAddress
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SizeofResource
WriteFile
lstrlenA
CloseHandle
FreeResource
ExitProcess
LoadLibraryA

user32

GetMessageA
wsprintfA
GetInputState
PostThreadMessageA

advapi32

OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA

msvcrt

exit
_strrev
strtok
??2@YAPAXI@Z
strchr
__CxxFrameHandler
_CxxThrowException
realloc
malloc
??3@YAXPAX@Z
strstr
_except_handler3
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80983fd8a8fa3a728966244b939bba39

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 7KB - Virtual size: 7KB

.rsrc Size: 116KB - Virtual size: 116KB

.text
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 116KB - Virtual size: 116KB