gh0strat | 111d97cb07873f8520dddb626ee78891_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

111d97cb07873f8520dddb626ee78891_JaffaCakes118
Size

31KB
MD5

111d97cb07873f8520dddb626ee78891
SHA1

659af883690abc9ecfc0eeb8387bf5ece1581efd
SHA256

eb22f682a2d00cbd7eb1a2ce5491de0845670a1af56a49677e9bd8b61660b954
SHA512

c50d8e0fa5ef5884159be9283230600187d90704d6f2f87b7fb6b913764261aed9346ae413d2543fda3461f83284a94bf267b19a01cb79b00a66520c6aeeba50
SSDEEP

384:+YL0CZsW6+UZCooq2MAeOm2FDkSR74lT7ZgYD0kJdzt1hWB09YSc+xCQ4Wtvs7:rb0/B3AfFD5h+bzRW2c+gQ/s

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
111d97cb07873f8520dddb626ee78891_JaffaCakes118

Files

111d97cb07873f8520dddb626ee78891_JaffaCakes118
.dll windows:4 windows x86 arch:x86

76c3d3828a5b92670785e193d80f0b6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
CreateProcessA
GetTickCount
lstrcpyA
GetCurrentProcess
OpenProcess
GetFileSize
CreateDirectoryA
WriteFile
MoveFileExA
LocalAlloc
MoveFileA
TerminateThread
FindClose
GetVersionExA
CreateMutexA
SetUnhandledExceptionFilter
SetErrorMode
FreeConsole
GetCurrentThreadId
RemoveDirectoryA
GetFileAttributesA
lstrcatA
lstrcmpiA
lstrlenA
LocalFree
GetLastError
GetModuleFileNameA
CreateFileA
SetFilePointer
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
InitializeCriticalSection
CancelIo
InterlockedExchange
SetEvent
ResetEvent
CreateThread
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection

user32

wsprintfA
ExitWindowsEx
CloseDesktop
SetThreadDesktop
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop

advapi32

OpenEventLogA
ClearEventLogA
CloseEventLog
RegisterServiceCtrlHandlerA
SetServiceStatus

msvcrt

_beginthreadex
_adjust_fdiv
_initterm
free
_onexit
??3@YAXPAX@Z
memmove
ceil
_ftol
strstr
__CxxFrameHandler
??2@YAPAXI@Z
_CxxThrowException
strchr
strcspn
strrchr
malloc
_except_handler3
strncat
realloc
atoi
printf
_stricmp
wcstombs
strncpy
_strnicmp
??1type_info@@UAE@XZ
__dllonexit

ws2_32

gethostbyname
socket
select
htons
closesocket
send
gethostname
getsockname
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup
recv

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Exports

Exports

ServiceMain
_run@16

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76c3d3828a5b92670785e193d80f0b6c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

msvcp60

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 43KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 43KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB