gh0strat | 0b84f97dbd39bde761ef408be36733e7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b84f97dbd39bde761ef408be36733e7_JaffaCakes118
Size

120KB
MD5

0b84f97dbd39bde761ef408be36733e7
SHA1

6a8498461be00386c72671caa1730025c84afdae
SHA256

ab280513145f7baf9352c9f5516a4acdcddde2a501dfb11ca50238a2841f3107
SHA512

232739380c5abe2481e0ee8a740d77c9afd89cdf22e4a92eb5ea78145127a397d4e50a2cb0d97bdfd5760347c8f304d03bdb16c9d2eb5dd36513fd855312db15
SSDEEP

3072:20RSi17eJ8mbVwYLK2CxErHV4XAViniQ6SA8:20U+7b2+twVfQ6SJ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b84f97dbd39bde761ef408be36733e7_JaffaCakes118

Files

0b84f97dbd39bde761ef408be36733e7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7ac2c55045d847ece3f3bec3ded38515

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
VirtualFree
VirtualAlloc
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
Sleep
DeleteFileA
GetLastError
GetFileAttributesA
lstrlenA
CreateProcessA
lstrcatA
GetDriveTypeA
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
GetCurrentProcess
FreeLibrary
OpenProcess
ExitThread
CreateThread
GetTickCount
WinExec
OutputDebugStringA
GetModuleFileNameA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetSystemDirectoryA
GetStartupInfoA
CreatePipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
ResumeThread
SetThreadPriority
GetCurrentThread
GetEnvironmentVariableA
GetShortPathNameA
ReleaseMutex
OpenEventA
SetErrorMode
ExitProcess
CreateMutexA
CopyFileA
LocalSize
Process32Next
Process32First
lstrcmpiA
GetCurrentThreadId
RaiseException

msvcrt

atoi
rand
srand
time
printf
exit
strncat
strncmp
_beginthreadex
calloc
??1type_info@@UAE@XZ
__dllonexit
_onexit
strrchr
_except_handler3
malloc
free
_ftol
ceil
_CxxThrowException
memmove
__CxxFrameHandler
strchr
??3@YAXPAX@Z
_strnicmp
??2@YAPAXI@Z
_strcmpi

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvfw32

ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSeqCompressFrameStart
ICSeqCompressFrame
ICSendMessage

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ac2c55045d847ece3f3bec3ded38515

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

msvfw32

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 11KB - Virtual size: 11KB

.rsrc Size: 280B - Virtual size: 280B

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 280B - Virtual size: 280B