gh0strat | 07af77a68c32844bae15bcb581c801a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07af77a68c32844bae15bcb581c801a9_JaffaCakes118
Size

148KB
MD5

07af77a68c32844bae15bcb581c801a9
SHA1

1dda582fa89ee8fa256615f0c090771a23c17a6e
SHA256

e008ddd3e3f3f99da4b84bd70c8d8cb88af0216d9a8288fa976ef91f9557312a
SHA512

42573be697f191ea99cc3a6ca986ca1ab45345b02382cc6cc6d9f9e1fda7e3576d7ad953d69ec39f754f3832c66dd53586d191ff4d0e29b95b96343243c68da5
SSDEEP

3072:gSWFnvAnZdT2amvh6dn1ceHCWD9mTBftDaR3CwNtK:gSEnvAb2sd1MWD9mTBleR3p6

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07af77a68c32844bae15bcb581c801a9_JaffaCakes118

Files

07af77a68c32844bae15bcb581c801a9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8a593a55ea5753678ec244a4ce063e89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString

shlwapi

StrStrIA

user32

LoadCursorA
DestroyCursor
GetCursorInfo
CreateWindowExA
wsprintfA
MessageBoxA
wvsprintfA
CloseWindowStation
GetClassNameA
GetWindow
ShowWindow
EnableWindow
GetWindowRect
DestroyWindow

kernel32

DeleteFileA
RaiseException
GetLongPathNameA
GetTempPathA
SetEnvironmentVariableA
GetFileAttributesExA
GetCurrentProcessId
IsBadStringPtrW
IsBadReadPtr
GetShortPathNameA
ExitThread
RemoveDirectoryA
LoadLibraryA
GlobalMemoryStatusEx
GetCurrentProcess
GetProcessTimes
CloseHandle
ExpandEnvironmentStringsA
GetLastError
lstrcpyA
lstrlenA
lstrcatA
LocalFree
LocalReAlloc
LocalAlloc
Sleep
InterlockedExchange
GetSystemDirectoryA
FreeLibrary
InitializeCriticalSection
GetTickCount
LeaveCriticalSection
LocalSize
ExitProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
lstrcmpiA
GetVersionExA
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
VirtualFree
VirtualAlloc
GetLocalTime
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
HeapAlloc
VirtualQuery
WideCharToMultiByte
GetTempFileNameA
MultiByteToWideChar
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetModuleFileNameA
SetUnhandledExceptionFilter
FormatMessageA
IsBadWritePtr
GetSystemInfo

ws2_32

WSACleanup
gethostname
gethostbyname
closesocket
WSAIoctl
setsockopt
WSAStartup
socket
connect
getsockname
select
recv
send
shutdown

iphlpapi

GetAdaptersInfo

userenv

GetProfilesDirectoryA
GetUserProfileDirectoryA

msvcrt

_strlwr
_CxxThrowException
strncpy
wcsrchr
??2@YAPAXI@Z
strrchr
strstr
_except_handler3
malloc
free
??3@YAXPAX@Z
__CxxFrameHandler
_beginthreadex
memmove
ceil
wcslen
strchr
strncat
_onexit
__dllonexit
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_stricmp
_memicmp
_ftol
_wcsicmp
_strupr
realloc
wcstombs
atoi
srand
rand

Exports

Exports

AppCleanup
capCreateCaptureWindowA
capCreateCaptureWindowW
capGetDriverDescriptionA

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a593a55ea5753678ec244a4ce063e89

Headers

File Characteristics

Imports

oleaut32

shlwapi

user32

kernel32

ws2_32

iphlpapi

userenv

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB