gh0strat | 1051d6fdf852bd87ddc91db455abb186_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1051d6fdf852bd87ddc91db455abb186_JaffaCakes118
Size

152KB
MD5

1051d6fdf852bd87ddc91db455abb186
SHA1

eeb96215d45852b9eb5ff7eafa283a6e1640da31
SHA256

cdd81190337cfdb38da47dd4cb39130c213839500b3916f1db613558d07d56a8
SHA512

2eaf3151ac4c6f522f7dc7f085a5d83814e2f7060c34da2376f0d2cf43a0dcef08582d263ac2d5bd24114716d8ab272a5f642b3782c04268cb800348be64998c
SSDEEP

3072:IqdAYX4Jy7eOZzTNmJ5moYsR9hSTCnTBftBf0Gq1BQr/E5Na:IkyyywTNmyoYsR9hSTCnTBlBf0Gq1j

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1051d6fdf852bd87ddc91db455abb186_JaffaCakes118

Files

1051d6fdf852bd87ddc91db455abb186_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9ad01b4ae27e002a68eb65c2d9ded59b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wvsprintfA
LoadCursorA
DestroyCursor
GetCursorInfo
GetClassNameA
GetWindow
ShowWindow
EnableWindow
CreateWindowExA
DestroyWindow
CloseWindowStation
MessageBoxA
wsprintfA

kernel32

InterlockedExchange
RaiseException
IsBadStringPtrW
IsBadReadPtr
ExitThread
RemoveDirectoryA
DeleteFileA
GlobalAlloc
GlobalFree
GlobalMemoryStatusEx
GetTickCount
CloseHandle
ExitProcess
lstrcatA
lstrlenA
lstrcpyA
GetSystemDirectoryA
Sleep
GetExitCodeProcess
GetCurrentThreadId
lstrcmpiA
GetTempFileNameA
LocalFree
LocalSize
GetModuleFileNameA
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
GetModuleHandleA
VirtualQuery
IsBadWritePtr
GetLastError
MultiByteToWideChar
FreeLibrary
GetProcAddress
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetVersionExA
ExpandEnvironmentStringsA
GlobalUnlock
GlobalLock
GlobalSize
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
HeapAlloc
LocalAlloc
InitializeCriticalSection
VirtualFree
LeaveCriticalSection
VirtualAlloc
LocalReAlloc
LoadLibraryA
GetCurrentProcessId
GetFileAttributesExA
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetSystemInfo
GetProcessTimes
GetCurrentProcess

msvcrt

srand
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_wcsicmp
_strupr
_stricmp
_strlwr
_memicmp
__CxxFrameHandler
??3@YAXPAX@Z
strrchr
malloc
strstr
??2@YAPAXI@Z
strncpy
free
_except_handler3
memmove
ceil
_ftol
rand
strncat
strchr
_beginthreadex
realloc
wcslen
atoi
strtol
wcstombs
_CxxThrowException
wcsrchr

Exports

Exports

?AddLDMObjMapEntry
?FreeArrayOfStrings@@YGXPAUarrayOfStrings@@@Z
?GetDiskCount
?GetLdmObjectId@CDMNodeObj@@QAE_JXZ
?GetNumMembers@CDMNodeObj@@QAEKXZ
?GetOcxFrameCWndPtr@CTaskData@@QAEPAVCWnd@@XZ
?GetRegionColorStructPtr@CTaskData@@QAEXPAPAU_REGION_COLORS@@AAH@Z
?GetServerName@CDataCache@@QAE?AVCString@@XZ
?GetVolumeCount@CDataCache@@QAEKXZ
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ad01b4ae27e002a68eb65c2d9ded59b

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB