gh0strat | b55a7d063e42056ae4a7d40055fdfb45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b55a7d063e42056ae4a7d40055fdfb45_JaffaCakes118
Size

115KB
MD5

b55a7d063e42056ae4a7d40055fdfb45
SHA1

1bfa7ae87a6a6cf6b1dd82f230b4fd24c1c68063
SHA256

54136ea626a0c96dee29b0a26547ea5479ee480f6dccbf71712882e5347bd20b
SHA512

81ab2e49d869a2be8148392c7778eb3958adc66e357b1a4640530fb7e1bab494046ab49120179efba6485a41be2b23eb60300103952ae2fc64370c1955a80148
SSDEEP

1536:cCxANO1c8ylwoNE+QkyeHNHuHKXccOBfHZqJ0ynV1ZzRux:cCxsdZyiXHEHKXfOxHZqLnFzRux

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b55a7d063e42056ae4a7d40055fdfb45_JaffaCakes118

Files

b55a7d063e42056ae4a7d40055fdfb45_JaffaCakes118
.dll windows:4 windows x86 arch:x86

400948a78e9cb1d54fc6d8ca5d17d3df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
ResumeThread
CreateThread
GetProcAddress
LoadLibraryA
DeleteCriticalSection
VirtualFree
EnterCriticalSection
VirtualAlloc
lstrcpyA
InterlockedExchange
Sleep
lstrlenA
lstrcatA
FreeLibrary
MultiByteToWideChar
lstrcmpA
GetPrivateProfileStringA
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalReAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
WriteFile
WaitForSingleObject
GetModuleFileNameA
GetSystemDirectoryA
WinExec
GetCurrentProcess
VirtualAllocEx
OpenProcess
GetTickCount
GetLocalTime
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
HeapAlloc
OutputDebugStringA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
WaitForMultipleObjects
GlobalMemoryStatus
GetSystemInfo
ReleaseMutex
SetErrorMode
GetTempPathA
TerminateProcess
Process32Next
lstrcmpiA
RaiseException
LocalAlloc
TerminateThread
CloseHandle
MoveFileA
CreateEventA

msvcrt

calloc
??1type_info@@UAE@XZ
_initterm
_beginthreadex
wcstombs
realloc
strncat
_errno
strncmp
malloc
atoi
strncpy
_except_handler3
free
_adjust_fdiv
strchr
_ftol
ceil
memmove
_strnicmp
_strnset
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_strcmpi

msvcp60

?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringA

msvfw32

ICSeqCompressFrameEnd
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICSeqCompressFrame
ICCompressorFree

Exports

Exports

ServiceMain

Sections

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

400948a78e9cb1d54fc6d8ca5d17d3df

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

imm32

msvfw32

Exports

Exports

Sections

.bss Size: - Virtual size: 1KB

.data Size: 106KB - Virtual size: 106KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 7KB - Virtual size: 6KB

.bss
Size: - Virtual size: 1KB

.data
Size: 106KB - Virtual size: 106KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 7KB - Virtual size: 6KB