gh0strat | 042f0c292d722ad2142981a1dc5da1bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

042f0c292d722ad2142981a1dc5da1bb_JaffaCakes118
Size

3.0MB
MD5

042f0c292d722ad2142981a1dc5da1bb
SHA1

ddbba57373e1aeebb08936e03d32f5df3d7033d8
SHA256

0867c6948b42f6ec242d63fc3478d4b83a239b4957b929bfaea3d7977f7c10aa
SHA512

308adb865ed3f6beb9a9e449bd767f0a28b1551a0086e27619fde9cb27a1ae834fde220d536d36332e45db8222d0513f57b374683cca6db1d30c15b051b92c12
SSDEEP

3072:fYxts03lgwBWHWVKhqvEzO/V1VrNYQkCA+HFSWvF3TBftjnob2s:Q3hWHA9DNYtEHhvF3TBljnobF

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
042f0c292d722ad2142981a1dc5da1bb_JaffaCakes118

Files

042f0c292d722ad2142981a1dc5da1bb_JaffaCakes118
.exe .vbs windows:4 windows x86 arch:x86 polyglot

353dc1e4435a9bfc608062d16c73dfc5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WriteFile
lstrlenA
SetFilePointer
CreateFileA
GetModuleHandleA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryA
GetLocalTime
LoadResource
SizeofResource
FindResourceA
GetWindowsDirectoryA
DeleteFileA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
ReadFile
GetFileSize
MoveFileA
WritePrivateProfileStringA
CopyFileA
GetModuleFileNameA
GetLastError
CreateEventA
CreateThread
Sleep
GetCurrentThreadId
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapReAlloc
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
VirtualFree
VirtualAlloc
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate

user32

TranslateMessage
DispatchMessageA
DefWindowProcA
LoadIconA
GetInputState
FindWindowA
PostMessageA
wsprintfA
PostThreadMessageA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA

shell32

ShellExecuteA

ole32

CoCreateGuid
CoInitialize
CoUninitialize

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

353dc1e4435a9bfc608062d16c73dfc5

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 11KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 173KB - Virtual size: 173KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 11KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 173KB - Virtual size: 173KB