gh0strat | 08b4370c54c08cac374194366f60ef96_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08b4370c54c08cac374194366f60ef96_JaffaCakes118
Size

156KB
MD5

08b4370c54c08cac374194366f60ef96
SHA1

4dc3b575410ba89e92e433cb1b679ef3d623a8c3
SHA256

148e841793c7941dddba2308d88dbd4f34792ba218c0dd93da24e3433a0a0ff7
SHA512

b0265c413c9dac219071fe2f66967a55df0d75dbdae45ebb7d935350f668ce304c98548b051878fd53bbe010c41ea0535b65d121220a003a3559ee6eaa87f55e
SSDEEP

3072:ja5gMYN37IHH1kdkOefmuvvpONDIK3I21quudP:BMYNMHwkNf7vU+K4gquud

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08b4370c54c08cac374194366f60ef96_JaffaCakes118

Files

08b4370c54c08cac374194366f60ef96_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e02f62991001217455ed7a36e36d76f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileA
GetModuleHandleA
GetProcessHeap
GetProcAddress
lstrcatA
GetCurrentProcessId
FreeLibrary
CreateThread
Sleep
MultiByteToWideChar
lstrlenA
CloseHandle
GetCurrentProcess
OpenProcess
HeapAlloc
GlobalUnlock
GetLocalTime
GetTickCount
LoadLibraryA
GetStartupInfoA

user32

GetCursorInfo
LoadCursorA
DestroyCursor
EmptyClipboard
OpenClipboard
CloseClipboard
GetSystemMetrics
SetRect
ReleaseDC
SendMessageA
CreateWindowExA
IsWindow

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA
StartServiceA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

msvcrt

_strupr
_strnicmp
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
memmove
ceil
_ftol
strstr
rand
sprintf
strncpy
strchr
malloc
_except_handler3
_iob
atoi
wcscpy
strncmp
free
_errno
exit
strncat
atol
_beginthreadex
calloc
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strcmpi

ws2_32

closesocket
sendto
gethostname
__WSAFDIsSet
listen
accept
getpeername
bind
getsockname
inet_addr
send
socket
gethostbyname
htons
connect
WSAIoctl
select
recv
WSACleanup
WSAStartup
ntohs
inet_ntoa
htonl
setsockopt

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

netapi32

NetUserAdd
NetLocalGroupAddMembers

msvfw32

ICSeqCompressFrame
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart

Exports

Exports

aabbccdd
daxuewuli
eeffgghh
gaoshu
gongchengshuxue
iijjkkmm

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e02f62991001217455ed7a36e36d76f8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

ws2_32

wininet

msvcp60

netapi32

msvfw32

Exports

Exports

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 13KB - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 4KB

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 13KB - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 4KB