gh0strat | a8a61a3ed3c026fc1ae8c1a031e70f4e_JaffaCakes118

General

Target

a8a61a3ed3c026fc1ae8c1a031e70f4e_JaffaCakes118
Size

159KB
MD5

a8a61a3ed3c026fc1ae8c1a031e70f4e
SHA1

e26e553e80be59a714bca6a6856a235b8ca304af
SHA256

c6840b2395a1383db5dbed5b1807f496afc4d207b39286f1a92de5ff7fda4fd9
SHA512

b9ce174c38b98c0d8e44b40da8063308c2992f4369a0108c43fe59337b97c309679ca81f215c753602510d608820ff2d716a9e1330502ef5f92f54f7fb263892
SSDEEP

3072:1NrnRPucPdgermWP2U8udJSl7BHlogOTAewy:zrRPuCdi+quT0BHWZx

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8a61a3ed3c026fc1ae8c1a031e70f4e_JaffaCakes118

Files

a8a61a3ed3c026fc1ae8c1a031e70f4e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

abf82414dccaf29b9818e627eddf7082

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrcatA
GetModuleHandleA
GetLastError
CloseHandle
GetCurrentProcess
Process32Next
Process32First
OpenProcess
WaitForSingleObject
CreateRemoteThread
FreeLibrary
GetVersion
DeleteFileA
CopyFileA
MoveFileExA
GetWindowsDirectoryA
ExitProcess
Sleep
lstrcmpiA
CreateToolhelp32Snapshot
MoveFileA
WriteFile
lstrlenA
GetLocalTime
SetFileTime
LocalFileTimeToFileTime
FindFirstFileA
CreateFileA
GetTickCount
ReadFile
SetFilePointer
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
WinExec
ReleaseMutex
CreateMutexA
GetCommandLineA
CreateThread
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA

msvcrt

memset
strlen
strncmp
strtoul
isdigit
malloc
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strcat
strchr
strcpy
_except_handler3
_strlwr
_strcmpi
_strrev

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abf82414dccaf29b9818e627eddf7082

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 13KB - Virtual size: 13KB

.rsrc Size: 145KB - Virtual size: 144KB

.text
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 145KB - Virtual size: 144KB