gh0strat | b8d44c1de956d21be64c8e276ea053a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b8d44c1de956d21be64c8e276ea053a5_JaffaCakes118
Size

120KB
MD5

b8d44c1de956d21be64c8e276ea053a5
SHA1

69dd5f8cbc9f4c5877e18c8c56c842a046fee880
SHA256

823d1b8de91002ae694dc64288064e51b2bab4595814c6eb4ed80ae8a1701510
SHA512

cb63278fb11225bab6321e9b54936f07586bbe15dc6d834b06a4e71a69d9ff7e324bc7204196e7b465515af7b4683a82134c8d35ff53082358931246c3dc51f1
SSDEEP

1536:nQxhXUpKl9pVkpcWprf6xU6T45zLY30fsz0dwPjOgBIrCJy:QxtUApVI5p76xUv5sz02PjOgBIrCJ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8d44c1de956d21be64c8e276ea053a5_JaffaCakes118

Files

b8d44c1de956d21be64c8e276ea053a5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a04fa327878843f951c5aa5c2480918e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalSize
GetTickCount
GlobalFree
SetErrorMode
FreeConsole
GetLocalTime
DeleteFileA
MoveFileA
TerminateThread
CreateProcessA
DeviceIoControl
GetVersion
GetCurrentProcess
ExitProcess
SetLastError
GetModuleFileNameA
SetFilePointer
ReadFile
WriteFile
CreateFileA
RemoveDirectoryA
LocalAlloc
LocalFree
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateDirectoryA
GetVersionExA
GetPrivateProfileStringA
GetProcAddress
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
Sleep
CancelIo
InterlockedExchange
SetEvent
lstrcpyA
ResetEvent
WaitForSingleObject
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
LoadLibraryA
OpenEventA

user32

MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
GetForegroundWindow
DestroyCursor
keybd_event
SystemParametersInfoA
SendMessageA
ReleaseDC
GetDC
GetDesktopWindow
SetRect
GetCursorInfo
GetCursorPos
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
GetWindowThreadProcessId
IsWindow
GetKeyState
BlockInput
GetAsyncKeyState
GetMessageA
DispatchMessageA
wsprintfA
CharNextA
TranslateMessage
ExitWindowsEx
LoadCursorA
GetWindowTextA
CloseWindow
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
EnumWindows
IsWindowVisible

gdi32

CreateCompatibleBitmap
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
BitBlt
GetDIBits
DeleteDC

advapi32

GetTokenInformation
LookupAccountSidA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
IsValidSid
LookupAccountNameA
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
LsaFreeMemory
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseEventLog
ClearEventLogA
OpenEventLogA
RegEnumValueA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

msvcrt

_initterm
_strnicmp
_adjust_fdiv
_strupr
??1type_info@@UAE@XZ
calloc
_beginthreadex
wcstombs
strncat
wcscpy
_errno
strncmp
atoi
_CxxThrowException
strncpy
rename
strrchr
_except_handler3
free
malloc
strchr
strstr
_ftol
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z

winmm

waveInUnprepareHeader
waveOutWrite
waveInStart
waveInClose
waveOutReset
waveOutUnprepareHeader
waveInStop
waveInReset
waveOutGetNumDevs
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutClose

ws2_32

WSAIoctl
setsockopt
connect
socket
htons
gethostbyname
gethostname
__WSAFDIsSet
recvfrom
sendto
listen
accept
getpeername
bind
getsockname
inet_addr
inet_ntoa
send
select
closesocket
recv
ntohs
WSACleanup
WSAStartup

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

netapi32

NetLocalGroupAddMembers
NetUserAdd

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

avicap32

capGetDriverDescriptionA

msvfw32

ICSeqCompressFrameEnd
ICSendMessage

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Exports

Exports

ServiceMain

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ujyhkuy
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a04fa327878843f951c5aa5c2480918e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

winmm

ws2_32

msvcp60

netapi32

wininet

avicap32

msvfw32

psapi

wtsapi32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.ujyhkuy Size: 8KB - Virtual size: 7KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 68KB - Virtual size: 67KB

.ujyhkuy
Size: 8KB - Virtual size: 7KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 5KB