gh0strat | 0f2a8f8719274d2d4dc11204c95b1d3a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f2a8f8719274d2d4dc11204c95b1d3a_JaffaCakes118
Size

69KB
MD5

0f2a8f8719274d2d4dc11204c95b1d3a
SHA1

1baa10be72dbe0a31a6a824db774a525c1a45f4d
SHA256

5706b2a308404eafbf412a3c5cd07fdbb879cc39f0c4e2ca49910d42d3de6c5d
SHA512

daf6cc7e4812eb62f1e2d69c78c9346265f138124a75d589da3e1eb37b860480eb84c26687a0191a073daf519d645364baa8152659af8e18e2ecfbcd6d550fb5
SSDEEP

1536:ZcEwfhz2YCkSzrFLkkK8/0wN2Bcvv8fnyCcRXS8tb:+Ewfhz2YCt68/t2BYvenyC4XSOb

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f2a8f8719274d2d4dc11204c95b1d3a_JaffaCakes118

Files

0f2a8f8719274d2d4dc11204c95b1d3a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3f58c80b0fb7bc0c82cf515c8f9dda74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
ResetEvent
lstrcpyA
WaitForSingleObject
SetEvent
InterlockedExchange
CancelIo
Sleep
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
lstrlenA
lstrcatA
GetDriveTypeA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
GetProcAddress
ReadFile
SetFilePointer
WriteFile
MoveFileA
GetTempPathA
GetModuleFileNameA
SetLastError
GetCurrentProcess
VirtualAllocEx
OpenProcess
TerminateThread
GetWindowsDirectoryA
GetLocalTime
GetVersionExA
GetTickCount
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentThreadId
RaiseException
CreateFileA
FreeLibrary

msvcrt

strncat
strchr
realloc
atoi
wcstombs
_beginthreadex
strtok
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
strncpy
strrchr
_except_handler3
malloc
free
??2@YAPAXI@Z
_CxxThrowException
__CxxFrameHandler
strstr
calloc
_ftol
ceil
memmove
??3@YAXPAX@Z
_strnset
_strnicmp
_strcmpi

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

avicap32

capGetDriverDescriptionA

Exports

Exports

CH
JustforFun1
JustforFun2
JustforFun3
ServiceMain

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f58c80b0fb7bc0c82cf515c8f9dda74

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

avicap32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 64KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 3KB