gh0strat | b04914ff164cfbc3b8d9d8ea2f960051_JaffaCakes118

General

Target

b04914ff164cfbc3b8d9d8ea2f960051_JaffaCakes118
Size

156KB
MD5

b04914ff164cfbc3b8d9d8ea2f960051
SHA1

cac8688fece44b414d4c605a673f7908f7a1f9c7
SHA256

255631a4e5f0e54451c45754ff72cee0b962a987c1f5fb815861db8a543f4f2c
SHA512

3bf3347be0d650662c8ef534fb9784c881870cf17e2c68a14e218a87d0801ca5c53c75989095c2fcac27bc374ebbf445b3a8c870a768e3817b5bd0f7bc6eda67
SSDEEP

3072:ty2QyQ7t8QL+kXB+ZS+DKr+HEGxCPZnvO5JqqCCyOxtzBI4FM:QxyQSQZXB+g+C+HEGxCP5v8q9j+ttbFM

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b04914ff164cfbc3b8d9d8ea2f960051_JaffaCakes118

Files

b04914ff164cfbc3b8d9d8ea2f960051_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f7ce57317c4a98f00636f012430d9e18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcAddress
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetLastError
lstrcatA
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryA
DeleteFileA
SetFileAttributesA
MoveFileA
FreeResource
CloseHandle
lstrlenA
WriteFile
SizeofResource
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
LoadResource
FindResourceA
GetTickCount
GetTempPathA
lstrcpyA
lstrcmpiA
SetLastError
GetFileAttributesA
ReadFile
SetFilePointer
GetModuleFileNameA
SetUnhandledExceptionFilter
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
GetCurrentThreadId
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
LoadLibraryA
RtlUnwind
HeapReAlloc
GetStartupInfoA
GetVersion
VirtualFree
VirtualAlloc
IsBadWritePtr
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7ce57317c4a98f00636f012430d9e18

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 104KB - Virtual size: 101KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 104KB - Virtual size: 101KB