gh0strat | 105fa3eea186d94d93e942cb658386af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

105fa3eea186d94d93e942cb658386af_JaffaCakes118
Size

70KB
MD5

105fa3eea186d94d93e942cb658386af
SHA1

19053866f0dd544ccc608d0e777f645d738798c0
SHA256

dfcea0ab3710d1710d8a8bd7fdc2b0b7ad829ab739572a6e1efe705b884808db
SHA512

199d8f66f6990911f8f2f1297d8321f353e46d68e0bc89e058a94c28b91d3abe6a0894633384b9791b8228027d843fa49a40c684256945e36f0c56e4d910bdcf
SSDEEP

1536:2e0MS1vT7XBLGskFaL7N135Qco+Bfy0URGfJs2jBZJhD6BxI:T0MS1vnXRuFall5Q/+xy0UREi2jBZJN5

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
105fa3eea186d94d93e942cb658386af_JaffaCakes118

Files

105fa3eea186d94d93e942cb658386af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ccba98d5220b56bc3825da25f5a6dfd4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
WriteFile
SetFilePointer
LocalFree
ReadFile
lstrcatA
CreateThread
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CopyFileA
GetVersionExA
ReleaseMutex
OpenEventA
SetErrorMode
CreateFileMappingA
CreateMutexA
WinExec
CreateDirectoryA
LocalSize
lstrcmpiA
GetCurrentThreadId
DeleteFileA
GetLastError
GetStartupInfoA
GetModuleHandleA
OpenProcess
TerminateProcess
CreateProcessA
LocalAlloc
InitializeCriticalSection
TerminateThread
lstrlenA
Sleep
CancelIo
InterlockedExchange
SetEvent
lstrcpyA
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
GetTempPathA
CreateToolhelp32Snapshot
Process32First
Process32Next
FindFirstFileA
FindClose
CreateFileA
GetFileSize
GetModuleFileNameA
ExpandEnvironmentStringsA
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
GetTickCount

user32

SetThreadDesktop
EnumWindows
ExitWindowsEx
MessageBoxA
CloseWindow
FindWindowA
LoadIconA
RegisterClassA
CreateWindowExA
SetWindowLongA
ShowWindow
UpdateWindow
DefWindowProcA
BeginPaint
EndPaint
PostQuitMessage
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
GetCursorPos
GetCursorInfo
ReleaseDC
OpenInputDesktop
GetDC
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
SystemParametersInfoA
BlockInput
wsprintfA
CharNextA
LoadCursorA
DestroyCursor
SendMessageA
PostMessageA
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
GetDesktopWindow
CloseDesktop

gdi32

DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
GetDIBits
DeleteObject
SelectObject
CreateDIBSection

advapi32

RegDeleteValueA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegCloseKey
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegQueryValueExA

msvcrt

realloc
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
ceil
memmove
_strnicmp
??3@YAXPAX@Z
malloc
fclose
fwrite
fseek
fopen
exit
sprintf
free
_except_handler3
strchr
strncat
atoi
strtok
_beginthreadex
calloc
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_stricmp
_strlwr
_controlfp

ws2_32

send
gethostname
getsockname
closesocket
recv
ntohs
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup
select

psapi

GetModuleFileNameExA
GetModuleBaseNameA
EnumProcesses
EnumProcessModules

avicap32

capGetDriverDescriptionA

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ccba98d5220b56bc3825da25f5a6dfd4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

ws2_32

psapi

avicap32

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 9KB - Virtual size: 10KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 9KB - Virtual size: 10KB