gh0strat | cf33c6460f12bafeb7582e98139468bc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf33c6460f12bafeb7582e98139468bc_JaffaCakes118
Size

112KB
MD5

cf33c6460f12bafeb7582e98139468bc
SHA1

8ba8d39569eb2688c05fe858c631669856776ce6
SHA256

e90e863fce65e510cb16e3fd1ed74a549682a978fda2a340299952adf71e276c
SHA512

a287d69024a62b3de1c54682119891c6511bd85d1e6cc51c0ebf1bebac7d432e9231528f972705e8a2956c3953570e25724ba1c3145621e939a21193982b6784
SSDEEP

1536:/1SFTy6ajt/qjlrW2bGdJHiz8n7cOB1f3vigNBsb6+X5:/1SFmd/qjlrrGTHiAn71Bt3viUBsb6+J

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf33c6460f12bafeb7582e98139468bc_JaffaCakes118

Files

cf33c6460f12bafeb7582e98139468bc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8b6d7b6f1a3cd7856565f8c9290b9e04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

ord19
ord51
ord45
ord364
ord528
ord141
ord144
ord46

imm32

ord103
ord51

kernel32

ord151
ord879
ord951
ord402
ord936
ord945
ord489
ord616
ord899
ord939
ord405
ord479
ord130
ord361
ord72
ord343
ord99
ord327
ord481
ord205
ord591
ord218
ord594
ord209
ord587
ord694
ord348
ord80
ord679
ord778
ord912
ord609
ord373
ord706
ord835
ord442
ord316
ord104
ord921
ord880
ord632
ord542
ord610
ord580
ord363
ord524
ord413
ord603
ord81
ord518
ord863
ord501
ord512
ord505
ord494
ord509
ord431
ord98
ord139
ord843
ord893
ord704
ord40
ord444
ord506
ord834
ord586
ord224
ord137
ord582
ord375
ord776
ord692
ord623
ord772
ord93
ord823
ord241
ord238
ord596
ord650
ord648
ord112
ord942
ord319
ord882
ord128
ord581
ord409
ord109
ord707
ord773
ord895
ord844
ord666
ord50
ord469
ord76

msvcp60

ord1192
ord1818
ord1215
ord1201
ord1034
ord1106
ord1241
ord453
ord1011
ord1207

msvcrt

ord751
ord645
ord825
ord775
ord648
ord16
ord73
ord777
ord779
ord238
ord678
ord649
ord729
ord767
ord781
ord281
ord197
ord736
ord84
ord18
ord509
ord17
ord501

msvfw32

ord37
ord22
ord25
ord42
ord40
ord41
ord43

wtsapi32

ord13
ord9

Exports

Exports

GooDBOY
LetMeSee
SERviceMaIn
SETUP
SWowo
ServiceMain
Zaochou

Sections

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sinbreak
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.mackt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8b6d7b6f1a3cd7856565f8c9290b9e04

Headers

File Characteristics

Imports

gdi32

imm32

kernel32

msvcp60

msvcrt

msvfw32

wtsapi32

Exports

Exports

Sections

.CRT Size: 512B - Virtual size: 4B

sinbreak Size: 95KB - Virtual size: 95KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 6KB - Virtual size: 5KB

.mackt Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 4B

sinbreak
Size: 95KB - Virtual size: 95KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 6KB - Virtual size: 5KB

.mackt
Size: 4KB - Virtual size: 4KB