gh0strat | dc1feddcaef12307dbd61b406659bf56_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dc1feddcaef12307dbd61b406659bf56_JaffaCakes118
Size

149KB
MD5

dc1feddcaef12307dbd61b406659bf56
SHA1

950dc83eea9ae96464cf5e5bb2fcfabbd512b906
SHA256

9620e87413ff77d1b113908bd3a3e518a8d06472a7ba9871343b93f5164d2d33
SHA512

fd7a2a903f7ecbd14dc0c1de925989e9e868aa1f3be5ca6cd208c5e0aeecf36d2e290f52a4556575340cfe2610e3a8be9bba118b9ecec458f743497395554430
SSDEEP

3072:3HezSLLqGcRcRCnM30k4mdX0SHAYHTBftcVl0pCc03:3+zSrCnuX0SH9HTBlcK03

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc1feddcaef12307dbd61b406659bf56_JaffaCakes118

Files

dc1feddcaef12307dbd61b406659bf56_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3a74543e0854770d85b48f82c7334e67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExW

kernel32

Sleep
lstrlenA
CloseHandle
lstrcmpiA
lstrcpyA
GetVersionExA
GetCurrentThreadId
GetProcAddress
GetTickCount
GetTempFileNameA
lstrcatA
InterlockedExchange
GetSystemDirectoryA
FreeLibrary
ExitProcess
GetExitCodeProcess
LocalFree
GetModuleHandleA
GetLastError
LocalReAlloc
LocalSize
LocalAlloc
WideCharToMultiByte
GetLocalTime
GlobalUnlock
GlobalLock
GlobalSize
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
HeapAlloc
GetModuleFileNameA
SetUnhandledExceptionFilter
FormatMessageA
VirtualQuery
IsBadWritePtr
GlobalFree
GlobalAlloc
GetCurrentProcess
InitializeCriticalSection
VirtualFree
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
VirtualProtect
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
ExpandEnvironmentStringsA
InterlockedDecrement
InterlockedIncrement
GetSystemInfo
GetProcessTimes
GlobalMemoryStatusEx
DeleteFileA
RemoveDirectoryA
ExitThread
IsBadReadPtr
IsBadStringPtrW
RaiseException
LoadLibraryA

user32

CloseWindowStation
ShowWindow
wvsprintfA
GetCursorInfo
DestroyCursor
LoadCursorA
DestroyWindow
CreateWindowExA
wsprintfA
MessageBoxA

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_strupr
_memicmp
_except_handler3
__CxxFrameHandler
_beginthreadex
??3@YAXPAX@Z
??2@YAPAXI@Z
strrchr
malloc
strstr
wcsrchr
rand
srand
_ftol
strchr
strncpy
free
wcslen
memmove
ceil
strncat
atoi
wcstombs
_CxxThrowException
_strlwr
_wcsicmp

Exports

Exports

TestProject

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a74543e0854770d85b48f82c7334e67

Headers

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB