gh0strat | 52de65b8997972419360a671ac255fad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

52de65b8997972419360a671ac255fad_JaffaCakes118
Size

149KB
MD5

52de65b8997972419360a671ac255fad
SHA1

9e3630339530607ae1fe8d132f2fcd6253d5f7b9
SHA256

c575beaf6d98626064bf16d0c397e136a463f73cf3c539adfc8477f5bf32767d
SHA512

dbdf0fecbd5dacb6b8c9fb058739339f678aaaa096032be58b885beaf363bf98b9e4af4d4a907854c7df92211e32d9972c5260b9b6b9f26172241457feacf7ac
SSDEEP

3072:eM7q18GIHdszptVYST72snSIZ6CsavsTKWMNTBftj16VNp:eM7YtxUwID2WMNTBlj1Wp

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52de65b8997972419360a671ac255fad_JaffaCakes118

Files

52de65b8997972419360a671ac255fad_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bfb1f62f3b4399403b9f17bb12d30d6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
lstrcatA
GetSystemDirectoryA
FreeLibrary
GetTickCount
lstrlenA
GetLocalTime
GlobalUnlock
GlobalLock
GlobalSize
HeapFree
GetProcessHeap
MapViewOfFile
GetLastError
CreateFileMappingA
GetShortPathNameA
lstrcpyA
HeapAlloc
LocalFree
LocalAlloc
GetModuleFileNameA
SetUnhandledExceptionFilter
FormatMessageA
GetModuleHandleA
VirtualQuery
IsBadWritePtr
lstrcmpiA
GetProcAddress
LocalReAlloc
LocalSize
GetCurrentThreadId
GetTempFileNameA
MultiByteToWideChar
CloseHandle
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetVersionExA
ExpandEnvironmentStringsA
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
VirtualFree
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
VirtualProtect
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
ExitProcess
GetExitCodeProcess
GetCurrentProcess
GlobalFree
GlobalAlloc
GetSystemInfo
GetProcessTimes
GlobalMemoryStatusEx
DeleteFileA
RemoveDirectoryA
ExitThread
IsBadReadPtr
IsBadStringPtrW
RaiseException
WideCharToMultiByte
Sleep
LoadLibraryA

user32

wvsprintfA
MessageBoxA
CloseWindowStation
DestroyWindow
CreateWindowExA
ShowWindow
GetCursorInfo
DestroyCursor
wsprintfA
LoadCursorA

advapi32

RegOpenKeyExW

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_strupr
_strlwr
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
wcsrchr
_except_handler3
strchr
strncat
strncpy
free
malloc
rand
srand
_ftol
strrchr
strstr
memmove
ceil
_CxxThrowException
_beginthreadex
wcslen
atoi
wcstombs
_wcsicmp
_memicmp

Exports

Exports

TestProject

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfb1f62f3b4399403b9f17bb12d30d6a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB