gh0strat | eebf5ed88209a8c435570cb02d76da38_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eebf5ed88209a8c435570cb02d76da38_JaffaCakes118
Size

11.3MB
MD5

eebf5ed88209a8c435570cb02d76da38
SHA1

ec66de9396c153711eea0931d489a547166fdb45
SHA256

23fbb804ec8637c0503b565a4f97418b9d4ccb780fa61e8c2bb15b7810bd7de8
SHA512

5a3d5d11279896fc9bc101576eb3f2cd0e10fed962a7ca9e95be743e93424c5a096d603cd219eff5cef20587c93950812dadeabd29c8942ca068cca5f4e1b43c
SSDEEP

6144:ldbHh7PAkOoB8AGaz87uURxdbHh7PAkOoB8AGaz87uURw:LhbA6BfW6UthbA6BfW6Uu

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eebf5ed88209a8c435570cb02d76da38_JaffaCakes118

Files

eebf5ed88209a8c435570cb02d76da38_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9b996feb488217d369e9699ef7ec3cb3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
GetProcAddress
LoadLibraryA
ResumeThread
CreateThread
CreateEventA
CloseHandle
DeleteCriticalSection
lstrcpyA
ResetEvent
GetPrivateProfileSectionNamesA
FreeLibrary
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
DeleteFileA
GetLastError
CreateDirectoryA
CreateProcessA
GetDriveTypeA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
WriteFile
MoveFileA
SetLastError
GetFileAttributesA
lstrcatA
WinExec
GetCurrentProcess
OpenProcess
WaitForSingleObject
Sleep
InitializeCriticalSection
ExitProcess
GetTickCount
HeapFree
GetProcessHeap
HeapAlloc
UnmapViewOfFile
LocalAlloc
SetFilePointer
GetLocalTime
GlobalFree
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalSize
InterlockedExchange
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
OutputDebugStringA
GlobalMemoryStatus
GetSystemInfo
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
GetModuleFileNameA
FreeConsole
LocalSize
GetCurrentThreadId
RaiseException

msvcrt

strncpy
atoi
strncmp
_errno
wcscpy
strncat
realloc
strrchr
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
??3@YAXPAX@Z
_except_handler3
free
malloc
strchr
_CxxThrowException
memmove
strstr
_ftol
ceil
__CxxFrameHandler
wcstombs
_strupr
_strnicmp
_strrev
_strnset
??2@YAPAXI@Z
_strcmpi

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

netapi32

NetLocalGroupAddMembers
NetUserAdd

msvfw32

ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSeqCompressFrameStart
ICSeqCompressFrame
ICSendMessage

Exports

Exports

CodeDLL
Fuck360
PassWordA
PassWordB
ServerDll
UsernameA
main

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b996feb488217d369e9699ef7ec3cb3

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

netapi32

msvfw32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 192B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 192B

.reloc
Size: 8KB - Virtual size: 7KB