gh0strat | d0cf72624a47094328323cca817808d7_JaffaCakes118

General

Target

d0cf72624a47094328323cca817808d7_JaffaCakes118
Size

242KB
MD5

d0cf72624a47094328323cca817808d7
SHA1

e873d1107372630006e0b834906961c2cf1131b2
SHA256

78bbf6ad1017b06d8927055206b31b46fa0087e30245242a7d3049a4e48e4e38
SHA512

7d7020ebe47f435267a1fa40225fc0d99912bdf53e633f306613a90a2f43eeaea5bf73f2e912b2a705cabaf1e3451bf19da6c822d1b51572bb8ab4c669fc5f81
SSDEEP

6144:auANBxIxh0u4TSg7vECzc009Tr9ZlVrm:xANBxI/RJgDv+5r9

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0cf72624a47094328323cca817808d7_JaffaCakes118

Files

d0cf72624a47094328323cca817808d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7838ebd0b44918c38e8119626e7c981a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
WaitForSingleObject
SizeofResource
CreateEventA
LoadResource
GetModuleHandleA
CreateFileA
WriteFile
Sleep
LockResource
FreeResource
CloseHandle
LoadLibraryA
GetTickCount
GetProcAddress
GetStartupInfoA

user32

LoadIconA
RegisterClassA
LoadCursorA

gdi32

GetStockObject

advapi32

StartServiceA
RegOpenKeyA
RegSetValueExA
RegCloseKey
ControlService
OpenSCManagerA
RegCreateKeyExA

msvcrt

sprintf
rand
srand
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.gfut
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fddhyt
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfgft
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fghfty
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hfdd
Size: - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7838ebd0b44918c38e8119626e7c981a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

Sections

.gfut Size: 2KB - Virtual size: 1KB

.fddhyt Size: 1KB - Virtual size: 1KB

.gfgft Size: 512B - Virtual size: 448B

.fghfty Size: 136KB - Virtual size: 135KB

.hfdd Size: - Virtual size:

.rsrc Size: 101KB - Virtual size: 104KB

.gfut
Size: 2KB - Virtual size: 1KB

.fddhyt
Size: 1KB - Virtual size: 1KB

.gfgft
Size: 512B - Virtual size: 448B

.fghfty
Size: 136KB - Virtual size: 135KB

.hfdd
Size: - Virtual size:

.rsrc
Size: 101KB - Virtual size: 104KB