gh0strat | df901132677f15f9993a9eef9e0dbad9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df901132677f15f9993a9eef9e0dbad9_JaffaCakes118
Size

152KB
MD5

df901132677f15f9993a9eef9e0dbad9
SHA1

8ab9bf64f52afa0d26d8ead836d9383337fb5c4f
SHA256

958ffe44f76b82226ec8fd2c98d758ff55c735501694299f35d7391bad97976a
SHA512

62b52f6f547a2c5d0212610d9e7834419932489b688dc1b4fa8eebaf506358fb171d80fe6dd90448a8167a25d0155ccd3bf4f81bab8a5368b87413ce66b18cd2
SSDEEP

3072:xRK7G7VRLUxfh2IIK7MwgoT3P6JXj+DKE0RHfTBft7ewi:CaZuloefT3Yj+DK9HfTBl7ewi

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df901132677f15f9993a9eef9e0dbad9_JaffaCakes118

Files

df901132677f15f9993a9eef9e0dbad9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5f182577734c1e9e477b1e4d394b5353

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wvsprintfA
LoadCursorA
DestroyCursor
GetCursorInfo
MessageBoxA
CreateWindowExA
DestroyWindow
GetClassNameA
GetWindow
ShowWindow
EnableWindow
CloseWindowStation
wsprintfA

kernel32

FormatMessageA
RaiseException
GetLongPathNameA
GetTempPathA
SetEnvironmentVariableA
GetFileAttributesExA
GetCurrentProcessId
VirtualAlloc
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
CloseHandle
ExitProcess
lstrcatA
lstrlenA
lstrcpyA
GetSystemDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
GetSystemInfo
GetVersionExA
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
GetLastError
FreeLibrary
GlobalFree
GlobalAlloc
GetProcAddress
GetModuleHandleA
GetTempFileNameA
Sleep
VirtualFree
DeleteFileA
RemoveDirectoryA
ExitThread
GetShortPathNameA
GetModuleFileNameA
IsBadReadPtr
IsBadStringPtrW
InterlockedExchange
GlobalUnlock
GlobalLock
GlobalSize
VirtualQuery
GetLocalTime
MapViewOfFile
CreateFileMappingA
LocalFree
LocalAlloc
lstrcmpiA
GetCurrentThreadId
SetUnhandledExceptionFilter
LoadLibraryA
IsBadWritePtr
LocalSize
LocalReAlloc
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
ExpandEnvironmentStringsA

msvcrt

_beginthreadex
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_strupr
_stricmp
_memicmp
_strlwr
_wcsicmp
__CxxFrameHandler
??3@YAXPAX@Z
strncpy
atoi
strchr
??2@YAPAXI@Z
rand
srand
_ftol
strstr
_except_handler3
wcstombs
strncat
strrchr
malloc
wcsrchr
memmove
ceil
wcslen
_CxxThrowException
realloc
free

Exports

Exports

AddGadgetMessageHandler
AttachWndProcA
AttachWndProcW
AutoTrace
BeginTransition
BuildAnimation
BuildDropTarget
BuildInterpolation
CreateAction
CreateGadget
CreateTransition
DUserBuildGadget
DUserCastClass
DUserCastDirect
DUserCastHandle
DUserDeleteGadget
DUserFindClass
DUserGetAlphaPRID
DUserGetGutsData
DUserGetRectPRID
DUserGetRotatePRID
DUserGetScalePRID
DUserInstanceOf
DUserPostEvent
DUserPostMethod
DUserRegisterGuts
DUserRegisterStub
DUserRegisterSuper
DUserSendEvent
DUserSendMethod
DUserStopAnimation
DeleteHandle
DetachWndProc
DllMain
DrawGadgetTree
EndTransition
EnumGadgets
FindGadgetFromPoint
FindGadgetMessages
FindStdColor
FireGadgetMessages
ForwardGadgetMessage
GetActionTimeslice
GetDebug
GetGadget
GetGadgetAnimation
GetGadgetBufferInfo
GetGadgetCenterPoint
GetGadgetFocus
GetGadgetMessageFilter

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f182577734c1e9e477b1e4d394b5353

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 294B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 294B

.reloc
Size: 8KB - Virtual size: 7KB