gh0strat | c15d00a6af03f871d17e5d0b60f53dec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c15d00a6af03f871d17e5d0b60f53dec_JaffaCakes118
Size

148KB
MD5

c15d00a6af03f871d17e5d0b60f53dec
SHA1

20ffdd4db062970c75b880fedbc3f8badb4b0064
SHA256

404b6d2fe520ebeae6c94e3c71657eda7434cebfb4cb3350f34c7ecc70945b97
SHA512

276cc2272caed7e895fab89d4332d1a9f91d5361e75ccd27db0ecc4e1e00e448a3e191b1d622a1240d61683ce511255836f7c9e64406df59974b3d8d2a7d95b6
SSDEEP

3072:Du2rSsg6WCxLJ+H1a84zb7JdDshoEaTBftkcEny4L:S2LgGwHc5vjS9aTBlNEn3L

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c15d00a6af03f871d17e5d0b60f53dec_JaffaCakes118

Files

c15d00a6af03f871d17e5d0b60f53dec_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0b98231e48be019454890ec6bb33ac73

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString

shlwapi

StrStrIA

user32

CloseWindowStation
GetClassNameA
GetWindow
ShowWindow
wsprintfA
GetWindowRect
wvsprintfA
LoadCursorA
DestroyCursor
GetCursorInfo
CreateWindowExA
DestroyWindow
MessageBoxA
EnableWindow

kernel32

GetLongPathNameA
RaiseException
CreateFileMappingA
MapViewOfFile
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
WideCharToMultiByte
LocalSize
IsBadWritePtr
FormatMessageA
GetLocalTime
SetUnhandledExceptionFilter
LoadLibraryA
GetTempPathA
SetEnvironmentVariableA
MultiByteToWideChar
CloseHandle
InterlockedExchange
Sleep
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
ExpandEnvironmentStringsA
GetLastError
lstrcpyA
lstrlenA
lstrcatA
LocalFree
LocalReAlloc
LocalAlloc
lstrcmpiA
GetProcAddress
GetModuleHandleA
InitializeCriticalSection
VirtualFree
LeaveCriticalSection
VirtualAlloc
GetTickCount
ExitProcess
GetSystemDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
GetSystemInfo
GetVersionExA
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
FreeLibrary
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
ExitThread
GetShortPathNameA
GetModuleFileNameA
IsBadReadPtr
IsBadStringPtrW
VirtualQuery
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesExA
lstrcmpA

userenv

GetProfilesDirectoryA
GetUserProfileDirectoryA

ws2_32

WSAIoctl
shutdown
recv
select
send
setsockopt
socket
closesocket
WSACleanup
WSAStartup
getsockname
gethostname
connect
gethostbyname

iphlpapi

GetAdaptersInfo

msvcrt

_wcsicmp
ceil
memmove
strchr
strrchr
strstr
_except_handler3
malloc
free
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
strncpy
atoi
rand
srand
wcstombs
wcsrchr
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_memicmp
_stricmp
_strlwr
_ftol
_strupr
_CxxThrowException
_beginthreadex
wcslen
strncat
realloc

Exports

Exports

UPSCancelWait
UPSGetState
UPSInit
UPSStop

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b98231e48be019454890ec6bb33ac73

Headers

File Characteristics

Imports

oleaut32

shlwapi

user32

kernel32

userenv

ws2_32

iphlpapi

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 294B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 294B

.reloc
Size: 8KB - Virtual size: 7KB