gh0strat | aa39efe5b91b606f5aa6335a80b74c54_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aa39efe5b91b606f5aa6335a80b74c54_JaffaCakes118
Size

107KB
MD5

aa39efe5b91b606f5aa6335a80b74c54
SHA1

36f40acb871071e6d52e148ed3e13aab1309769c
SHA256

c7b16df57635d8972e97e78514340781af213e7aa7f745f14900c601196f74d4
SHA512

79f1d1826572cacf7df76b5247915d2ca6a7e7ed2791c6d8ed427dc82848860be69fb66af253ea909e32f390ea96217b598e3684ab0b26846e8b90ae268838f4
SSDEEP

1536:3nRhhFu3iKMMIO8sVYO1SFcWRufVLEKFg4e+mNTMFaUhDd:3f7uSHMISYYSFBRoVLEKFg4rmNTMUWDd

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa39efe5b91b606f5aa6335a80b74c54_JaffaCakes118

Files

aa39efe5b91b606f5aa6335a80b74c54_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ca8324d20c29f4c27742ba4c20e10577

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
CloseHandle
GetProcAddress
LoadLibraryA
SetEvent
EnterCriticalSection
VirtualAlloc
ResetEvent
lstrcpyA
CancelIo
Sleep
lstrlenA
lstrcatA
FreeLibrary
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
DeleteFileA
GetLastError
FindClose
LocalFree
FindNextFileA
LocalReAlloc
GetFileSize
SetFilePointer
CreateFileA
WriteFile
MoveFileA
SetLastError
GetCurrentProcess
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetFileAttributesA
GetSystemDirectoryA
InterlockedExchange
MoveFileExA
GetLocalTime
GetTickCount
HeapFree
GetProcessHeap
MapViewOfFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreatePipe
DisconnectNamedPipe
TerminateThread
GetSystemInfo
ReleaseMutex
SetErrorMode
OpenEventA
FreeConsole
Process32Next
Process32First
RaiseException
LocalAlloc

msvcrt

strncpy
strncat
realloc
atoi
wcstombs
_beginthreadex
strrchr
??1type_info@@UAE@XZ
_strnicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_except_handler3
free
malloc
_strcmpi
strchr
_CxxThrowException
strstr
_ftol
ceil
memmove
calloc
__CxxFrameHandler

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

Exports

Exports

baijingwan
xiaobing
xiaohua
xiaowen
xiaoxiao

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca8324d20c29f4c27742ba4c20e10577

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 9KB - Virtual size: 10KB

.CRT Size: 512B - Virtual size: 92B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 9KB - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 92B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB