gh0strat | d04e620222ddfda90f858b71c7d2a62d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d04e620222ddfda90f858b71c7d2a62d_JaffaCakes118
Size

148KB
MD5

d04e620222ddfda90f858b71c7d2a62d
SHA1

1270ad6d07e6f2e8357656cf6249186ca9bf29ed
SHA256

1a2cdbe21bcc0580cf2e7d59257efc3dd411d0b3c77e0af59266ef46defcd930
SHA512

0e33d71aa1cbf3dd4aaa25af61df4be15aabcc136191449e7078fc4f2e8ef6205e05fecd581128e10d6ae2d7241ba8652a89c0ecdb9fb83d475f45870f4587c3
SSDEEP

3072:vl11iVvYTApZVPpWgkAb7Rs2nqP7Lh9zAMpGjg8r0UHKY:vlKVgsppWg1reHjAgcAU7

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d04e620222ddfda90f858b71c7d2a62d_JaffaCakes118

Files

d04e620222ddfda90f858b71c7d2a62d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f34009a7e153dcf2b1204262a3795ace

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
lstrcmpA
LocalSize
lstrcmpiA
lstrlenA
Sleep
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
lstrcpyA
CloseHandle
LoadLibraryA
GetProcAddress

msvcrt

malloc
_adjust_fdiv
_strnicmp
_strrev
_initterm
_strcmpi
??1type_info@@UAE@XZ
_beginthreadex
strncat
_errno
sprintf
strncpy
strncmp
atoi
strrchr
_except_handler3
free
strchr
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
ceil
memmove
??3@YAXPAX@Z
calloc

ws2_32

gethostname
__WSAFDIsSet
recvfrom
sendto
bind
getsockname
inet_addr
inet_ntoa
send
select
closesocket
recv
ntohs
socket
gethostbyname
htons
connect
WSAIoctl
WSACleanup
WSAStartup
setsockopt

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

Exports

Exports

MyCodeMain

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34009a7e153dcf2b1204262a3795ace

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

msvcp60

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 4KB