gh0strat | fdfe9dcf8d164549e143eee64c13af63_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fdfe9dcf8d164549e143eee64c13af63_JaffaCakes118
Size

148KB
MD5

fdfe9dcf8d164549e143eee64c13af63
SHA1

61e576ad7905f89038be517f3fea0a27292976b5
SHA256

6813c4f11ffd588531cfc21ee1f4543a92f727e8079edbdb02e61ccec809b9cf
SHA512

fc5c3ad893956c4312b46124c7a8f428ebabeba9777d408d63a23b0f065ca7e30ac9c948fea06aec2422e4076126a13be6f78c62051473f154886c6e0a5454bb
SSDEEP

3072:lNWZQlpUaKGc8HJWUvmOVZmG415Xrsrj5TBftJIi5N:LpQGcAJZIlbW5TBlJIi

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdfe9dcf8d164549e143eee64c13af63_JaffaCakes118

Files

fdfe9dcf8d164549e143eee64c13af63_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7b2a558c4fa322d25af552fe945f3ddf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
wvsprintfA
LoadCursorA
DestroyCursor
GetCursorInfo
CloseWindowStation
GetClassNameA
GetWindow
ShowWindow
EnableWindow
GetWindowRect
CreateWindowExA
DestroyWindow
MessageBoxA

kernel32

SetEnvironmentVariableA
RaiseException
CreateFileMappingA
MapViewOfFile
GlobalSize
GlobalLock
GlobalUnlock
GetLongPathNameA
GetTempPathA
LoadLibraryA
GetFileAttributesExA
GetCurrentProcessId
LocalSize
VirtualQuery
CloseHandle
ExpandEnvironmentStringsA
GetLastError
lstrcpyA
lstrlenA
lstrcatA
LocalFree
LocalReAlloc
LocalAlloc
MultiByteToWideChar
FreeLibrary
GetProcAddress
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetVersionExA
lstrcmpiA
Sleep
GetModuleHandleA
InitializeCriticalSection
GetTickCount
InterlockedExchange
LeaveCriticalSection
VirtualFree
VirtualAlloc
ExitProcess
GetSystemDirectoryA
GetCurrentThreadId
GetModuleFileNameA
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
IsBadWritePtr
HeapFree
HeapAlloc
GetProcessHeap
GetSystemInfo
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
GlobalFree
GlobalAlloc
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
ExitThread
GetShortPathNameA
IsBadReadPtr
IsBadStringPtrW

shlwapi

StrStrIA

oleaut32

SysFreeString

userenv

GetProfilesDirectoryA
GetUserProfileDirectoryA

ws2_32

getsockname
send
closesocket
shutdown
gethostname
gethostbyname
socket
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup
select
recv

iphlpapi

GetAdaptersInfo

msvcrt

strncat
strchr
strncpy
??2@YAPAXI@Z
strrchr
strstr
_except_handler3
malloc
free
??3@YAXPAX@Z
__CxxFrameHandler
_ftol
memmove
ceil
_beginthreadex
atoi
rand
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_stricmp
_memicmp
_wcsicmp
_CxxThrowException
_strlwr
_strupr
wcslen
realloc
wcsrchr
wcstombs
srand

Exports

Exports

WEP
cdtAnimate
cdtDraw
cdtDrawExt

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b2a558c4fa322d25af552fe945f3ddf

Headers

File Characteristics

Imports

user32

kernel32

shlwapi

oleaut32

userenv

ws2_32

iphlpapi

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 294B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 294B

.reloc
Size: 8KB - Virtual size: 7KB