gh0strat | 293a44c0770da0f4647f7fb0b6fbc57b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

293a44c0770da0f4647f7fb0b6fbc57b_JaffaCakes118
Size

152KB
MD5

293a44c0770da0f4647f7fb0b6fbc57b
SHA1

7fd981c7ad4e175f4f78a1cd33d6e56d1e17f2ef
SHA256

1e34a4fb63f8cbb576eacc09e12c30c5b4f3d1969e2d265ae30f7263bcc74b75
SHA512

29224d702d0409bc87e222cb6805fd6cf225177d4debeda5967b6fe075a2811e5aed12c61cc5f34ca260a1a24899ed06cba9cd29d69fe6c9a085e44013873918
SSDEEP

3072:iCyipd15NgjgYEOmBe3q1e4Y7hSToTVBTBftPhdG9l6:GkNgNElBjYv7hSToZBTBlPhdGK

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
293a44c0770da0f4647f7fb0b6fbc57b_JaffaCakes118

Files

293a44c0770da0f4647f7fb0b6fbc57b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b184e8e3bc432dcadf045bf8fbe9ca4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ShowWindow
LoadCursorA
DestroyCursor
GetCursorInfo
CreateWindowExA
DestroyWindow
CloseWindowStation
MessageBoxA
wsprintfA
wvsprintfA

kernel32

HeapFree
RaiseException
GetExitCodeProcess
ExitProcess
IsBadStringPtrW
IsBadReadPtr
ExitThread
RemoveDirectoryA
DeleteFileA
GetTempFileNameA
lstrcatA
GetModuleFileNameA
SetUnhandledExceptionFilter
CloseHandle
GetLocalTime
FormatMessageA
GetModuleHandleA
VirtualQuery
IsBadWritePtr
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
VirtualProtect
lstrcpyA
GetSystemDirectoryA
MultiByteToWideChar
lstrlenA
lstrcmpiA
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetLastError
GetTickCount
InterlockedExchange
Sleep
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
FreeLibrary
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetVersionExA
ExpandEnvironmentStringsA
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
LeaveCriticalSection
LocalFree
LocalReAlloc
LocalSize
LocalAlloc
LoadLibraryA
GetProcessHeap
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
HeapAlloc
VirtualFree
VirtualAlloc
GetCurrentProcess
GetSystemInfo
GetProcessTimes
GlobalMemoryStatusEx

msvcrt

memmove
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_strupr
_wcsicmp
_memicmp
strstr
rand
srand
_ftol
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
_except_handler3
strncpy
_CxxThrowException
strchr
free
malloc
ceil
wcsrchr
wcslen
strncat
atoi
wcstombs
strrchr
_beginthreadex
_strlwr

Exports

Exports

DhcpAcquireParameters
DhcpAcquireParametersByBroadcast
DhcpCApiCleanup
DhcpCApiInitialize
DhcpDeRegisterOptions
DhcpDeRegisterParamChange
DhcpDelPersistentRequestParams
DhcpEnumClasses
DhcpFallbackRefreshParams
DhcpHandlePnPEvent
DhcpLeaseIpAddress
DhcpLeaseIpAddressEx
DhcpNotifyConfigChange
DhcpNotifyConfigChangeEx
DhcpNotifyMediaReconnected
DhcpOpenGlobalEvent
DhcpPersistentRequestParams
DhcpRegisterOptions
DhcpRegisterParamChange
DhcpReleaseIpAddressLease
DhcpReleaseIpAddressLeaseEx
DhcpReleaseParameters
DhcpRemoveDNSRegistrations
DhcpRenewIpAddressLease
DhcpRenewIpAddressLeaseEx
DhcpRequestOptions
DhcpRequestParams
DhcpStaticRefreshParams
DhcpUndoRequestParams
McastApiCleanup
McastApiStartup
McastEnumerateScopes
McastGenUID
McastReleaseAddress
McastRenewAddress
McastRequestAddress
ServiceMain

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b184e8e3bc432dcadf045bf8fbe9ca4b

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB