gh0strat | be66c89e7e3a835086330d439fa31e9c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

be66c89e7e3a835086330d439fa31e9c_JaffaCakes118
Size

86KB
MD5

be66c89e7e3a835086330d439fa31e9c
SHA1

23d8328a55b785d186f11ae89120eae2157c6aaa
SHA256

c81086a66d3c6699a9c4a3a77fe0cf821655b574de5c5e120327d588086a4a23
SHA512

e28651c81c92f16c1068e366fee00faf036b68ac02f6a5bd9f45b60a724574d2e80c018eefe219447cd459048ce3f5b7ad32fa74438da47a4644c94b0b000d37
SSDEEP

1536:w6gu2EBZvalcEgEujccUkf3C+gm/5aayaNP9DY:w6CIvkHgEuj7UW3C+L/5aazp9DY

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be66c89e7e3a835086330d439fa31e9c_JaffaCakes118

Files

be66c89e7e3a835086330d439fa31e9c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

985c63a39c3c37374dca42936b1ea126

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
lstrlenA
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
lstrcatA
FreeLibrary
GetVersionExA
GetDriveTypeA
GetDiskFreeSpaceExA
CreateFileA
GetModuleFileNameA
GetLocalTime
GetLastError
RaiseException
LocalAlloc
GetStartupInfoA
GetModuleHandleA

msvcrt

_beginthreadex
calloc
_exit
_XcptFilter
exit
_acmdln
__getmainargs
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
atoi
rename
__CxxFrameHandler
_except_handler3
free
malloc
strchr
_initterm
??2@YAPAXI@Z
strstr
_ftol
ceil
memmove
??3@YAXPAX@Z
strrchr

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

Sections

BuPc*Y[
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

X bnZ\UY
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IQyE==M'
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

y8<s.cwK
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

GNmHfpm(
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

985c63a39c3c37374dca42936b1ea126

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

Sections

BuPc*Y[ Size: 49KB - Virtual size: 49KB

X bnZ\UY Size: 1KB - Virtual size: 1KB

IQyE==M' Size: 9KB - Virtual size: 9KB

y8<s.cwK Size: 8KB - Virtual size: 10KB

GNmHfpm( Size: 17KB - Virtual size: 20KB

BuPc*Y[
Size: 49KB - Virtual size: 49KB

X bnZ\UY
Size: 1KB - Virtual size: 1KB

IQyE==M'
Size: 9KB - Virtual size: 9KB

y8<s.cwK
Size: 8KB - Virtual size: 10KB

GNmHfpm(
Size: 17KB - Virtual size: 20KB