gh0strat | 440d7767018e92b94404e844ee93d3e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

440d7767018e92b94404e844ee93d3e5_JaffaCakes118
Size

152KB
MD5

440d7767018e92b94404e844ee93d3e5
SHA1

804a6f9f6c0001aa100952e105d9496fe6c209e2
SHA256

ad0aeb5605cabe3fc1a1c381ee7ecd14f87becc2593bb5752fa200ec6c57ca66
SHA512

57369b309aa1b998690a9d3c1ee07dcd309f2440e32ddff6f8869d4249984d4b0819f8d86edc6f057b305549cea609fd1e6e9067242b23b0bbcc60a85b2325ba
SSDEEP

3072:YChMUyJ0LzOUJTkOdSaDWX2XRTBftbmL+n0y:JMmzOUtkOdSaK2XRTBlbDn

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
440d7767018e92b94404e844ee93d3e5_JaffaCakes118

Files

440d7767018e92b94404e844ee93d3e5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

74db47bb9e8565caa902dbac2af4f590

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CloseWindowStation
wvsprintfA
MessageBoxA
CreateWindowExA
DestroyWindow
LoadCursorA
DestroyCursor
GetCursorInfo
ShowWindow
wsprintfA

kernel32

RemoveDirectoryA
RaiseException
VirtualAlloc
VirtualFree
IsBadWritePtr
FormatMessageA
SetUnhandledExceptionFilter
GetShortPathNameA
CreateFileMappingA
CloseHandle
VirtualQuery
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
VirtualProtect
lstrcatA
lstrcpyA
GetSystemDirectoryA
MultiByteToWideChar
lstrlenA
lstrcmpiA
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetLastError
GetModuleFileNameA
GetTickCount
LocalFree
LocalReAlloc
LocalSize
LocalAlloc
Sleep
InterlockedDecrement
InterlockedIncrement
ExitProcess
GetExitCodeProcess
GetVersionExA
ExpandEnvironmentStringsA
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
GetSystemInfo
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
FreeLibrary
GlobalFree
GlobalAlloc
GetTempFileNameA
DeleteFileA
LoadLibraryA
ExitThread
IsBadReadPtr
IsBadStringPtrW
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetLocalTime
GlobalUnlock
GlobalLock
GlobalSize
MapViewOfFile

msvcrt

strrchr
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_wcsicmp
_strupr
_memicmp
strstr
rand
srand
_ftol
strchr
strncat
_except_handler3
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
_beginthreadex
free
malloc
strncpy
_CxxThrowException
atoi
wcstombs
wcsrchr
memmove
ceil
wcslen
_strlwr

Exports

Exports

CAAccessCheck
CAAccessCheckEx
CAAddCACertificateType
CACertTypeAccessCheck
CACertTypeAccessCheckEx
CACertTypeGetSecurity
CACertTypeQuery
CACertTypeRegisterQuery
CACertTypeSetSecurity
CACertTypeUnregisterQuery
CACloneCertType
CACloseCA
CACloseCertType
CACountCAs
CACountCertTypes
CACreateAutoEnrollmentObjectEx
CACreateCertType
CACreateLocalAutoEnrollmentObject
CACreateNewCA
CADeleteCA
CADeleteCertType
CADeleteLocalAutoEnrollmentObject
CAEnumCertTypes
CAEnumCertTypesEx
CAEnumCertTypesForCA
CAEnumCertTypesForCAEx
CAEnumFirstCA
CAEnumNextCA
CAEnumNextCertType
CAFindByCertType
CAFindByIssuerDN
CAFindByName
CAFindCertTypeByName
CAFreeCAProperty
CAFreeCertTypeExtensions
CAFreeCertTypeProperty
CAGetCACertificate
CAGetCAExpiration
CAGetCAFlags
CAGetCAProperty
CAGetCASecurity
CAGetCertTypeExpiration
CAGetCertTypeExtensions
CAGetCertTypeExtensionsEx
CAGetCertTypeFlags
CAGetCertTypeFlagsEx
CAGetCertTypeKeySpec
CAGetCertTypeProperty
CAGetCertTypePropertyEx
CAGetDN

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74db47bb9e8565caa902dbac2af4f590

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB