Behavioral tasks
behavioral1: sample JaffaCakes118_4b2d0be517d68747a0437ce4c3ceb87d.exe, resource win7-20240903-en
behavioral2: sample JaffaCakes118_4b2d0be517d68747a0437ce4c3ceb87d.exe, resource win10v2004-20250129-en
General
Target: JaffaCakes118_4b2d0be517d68747a0437ce4c3ceb87d
Size: 473KB
MD5: 4b2d0be517d68747a0437ce4c3ceb87d
SHA1: 4e3d336a11d23d77d4ee65381d0c34750ae0e5d2
SHA256: a3cdbfb40b5223168e5d525f4c749256fd61786865af1d3e1c5c7c18f5d6fd24
SHA512: 1904516caba467432de1069a4db816ddf0e0c8a85b06c1b6a36467801f0f634920664a65f5ca1ed1673a32788c08479a384219e03848071ca41b382065f62825
SSDEEP: 12288:viv52HrLZww1/Hr+TUvLcHWOmWEFsR6GME/OJRM5:viRaZww1/Hr+TUvLctmDF3GME/ARM5
Malware Config
Signatures
Gh0st RAT payload (1 IoC): YARA rule match; resource: sample; family: gh0strat
Gh0strat family
Unsigned PE (1 IoC): checks for a missing Authenticode signature; resource: JaffaCakes118_4b2d0be517d68747a0437ce4c3ceb87d
Files
-
JaffaCakes118_4b2d0be517d68747a0437ce4c3ceb87d.exe windows:4 windows x86 arch:x86
b8f11b6fdcb5564d9a26563e3f11f529
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetThreadPriority
GetCurrentThread
GetPriorityClass
GetCurrentProcess
GlobalMemoryStatus
SetPriorityClass
GetModuleFileNameA
GetStartupInfoA
OpenProcess
Process32Next
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetTickCount
MultiByteToWideChar
Sleep
DeviceIoControl
GetVersion
MoveFileA
LocalAlloc
FindFirstFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
GetPrivateProfileStringA
lstrcmpA
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
InterlockedExchange
lstrcpyA
ResetEvent
GetProcAddress
WideCharToMultiByte
LeaveCriticalSection
LoadLibraryA
GetSystemInfo
GetLastError
RaiseException
GetModuleHandleA
gdi32
GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap
advapi32
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
shell32
SHGetFileInfoA
SHGetSpecialFolderPathA
oleaut32
SysFreeString
msvcrt
_adjust_fdiv
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
memmove
ceil
_ftol
strstr
_purecall
strchr
malloc
free
_except_handler3
strrchr
exit
atoi
strncmp
strncpy
_errno
wcscpy
strncat
_beginthreadex
sprintf
vsprintf
calloc
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
??1type_info@@UAE@XZ
__p__commode
__p__fmode
__set_app_type
_controlfp
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
strlen
??0exception@@QAE@ABV0@@Z
_strcmpi
_strnicmp
winmm
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveOutWrite
waveOutClose
waveInAddBuffer
waveInStart
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
netapi32
NetLocalGroupAddMembers
NetUserAdd
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationA
Sections
.text Size: 449KB - Virtual size: 449KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 22KB - Virtual size: 484KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 408B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
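The static indicators above (no Authenticode signature, an RWX .text section, a .data section whose 484KB virtual size dwarfs its 22KB on disk, and an import table mixing process enumeration, privilege adjustment, event-log clearing, LSA secret retrieval, local account creation, and screen/microphone capture) are the things an analyst would want to re-derive from the file rather than take from a report. The script below is an added example, not code from the sandbox or from the sample: it parses the PE header with the standard library only, reads the security data directory that the Unsigned PE check relies on, decodes section flags and raw/virtual size ratios, and groups imported APIs into capabilities. Because the page carries headers but not the binary, the example feeds the parser a constructed PE32 header built from the Sections table (RVAs are assumed), and the import list is a subset of the report's import table; the capability groupings are this editor's heuristic, not the sandbox's signature logic.

```python
"""Triage the static indicators a sandbox report lists: Authenticode presence,
section permissions and sizes, and import-based capabilities (stdlib only)."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # data directory slot of the WIN_CERTIFICATE blob
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Subset of the imports listed in the report above (copied from its Files section).
REPORT_IMPORTS = {
    "kernel32": {"OpenProcess", "Process32Next", "CreateProcessA", "LoadLibraryA",
                 "GetProcAddress", "DeviceIoControl", "GetPrivateProfileStringA"},
    "gdi32": {"GetDIBits", "BitBlt", "CreateCompatibleBitmap", "CreateDIBSection"},
    "advapi32": {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges",
                 "OpenEventLogA", "ClearEventLogA", "LsaOpenPolicy",
                 "LsaRetrievePrivateData", "RegCreateKeyExA", "RegSetValueExA"},
    "winmm": {"waveInOpen", "waveInStart", "waveInAddBuffer", "waveOutWrite"},
    "netapi32": {"NetLocalGroupAddMembers", "NetUserAdd"},
    "wtsapi32": {"WTSQuerySessionInformationA"},
}

# Editor's heuristic: a capability is reported only when every API in its set is
# imported, so a single common call (OpenProcess alone) does not raise a flag.
CAPABILITIES = {
    "process enumeration": {"OpenProcess", "Process32Next"},
    "token privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValueA",
                                   "AdjustTokenPrivileges"},
    "event log clearing": {"OpenEventLogA", "ClearEventLogA"},
    "LSA secret retrieval": {"LsaOpenPolicy", "LsaRetrievePrivateData"},
    "local account creation": {"NetUserAdd", "NetLocalGroupAddMembers"},
    "screen capture": {"BitBlt", "GetDIBits", "CreateCompatibleBitmap"},
    "microphone capture": {"waveInOpen", "waveInStart", "waveInAddBuffer"},
    "registry key/value creation": {"RegCreateKeyExA", "RegSetValueExA"},
    "runtime API resolution": {"LoadLibraryA", "GetProcAddress"},
}


def capabilities(imports):
    """Map an {dll: {api, ...}} import table to the capability names it satisfies."""
    flat = set().union(*imports.values())
    return sorted(name for name, apis in CAPABILITIES.items() if apis <= flat)


def parse_pe_headers(data):
    """Return (has_authenticode, sections) from the headers of a PE32/PE32+ file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = {0x10B: 96, 0x20B: 112}[magic]          # data directories start (PE32 / PE32+)
    cert_off, cert_len = struct.unpack_from(
        "<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):
        name, vsize, _, raw, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "raw": raw, "chars": chars})
    # The security directory holds a file offset and length of the certificate
    # table; both are zero on an unsigned PE, which is what "Unsigned PE" detects.
    return cert_off != 0 and cert_len != 0, sections


def section_findings(sections):
    """Flag RWX sections and sections that balloon far beyond their on-disk size."""
    out = []
    for s in sections:
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            out.append(f'{s["name"]}: writable and executable')
        if s["raw"] and s["vsize"] > 4 * s["raw"]:
            out.append(f'{s["name"]}: virtual size {s["vsize"]} is >4x raw size {s["raw"]} '
                       "(zero-filled region reserved at load: big static buffers or a staging area)")
    return out


def build_header(sections, signed=False):
    """Constructed PE32 header (no code) so the parser runs offline; the section
    table mirrors the report's Sections entries, with assumed RVAs."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    if signed:                                                  # fake certificate table entry
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x76000, 0x1800)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, raw, 0, 0, 0, 0, 0, ch)
                     for n, vs, va, raw, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


REPORT_SECTIONS = [  # name, virtual size, RVA (assumed), raw size, characteristics
    (".text", 449 * 1024, 0x1000, 449 * 1024, 0x20 | 0xE0000000),   # CODE|EXEC|READ|WRITE
    (".data", 484 * 1024, 0x72000, 22 * 1024, 0x40 | 0xC0000000),   # INIT_DATA|READ|WRITE
    (".rsrc", 408, 0xEB000, 512, 0x40 | 0x40000000),                # INIT_DATA|READ
]


def triage(data=None, imports=REPORT_IMPORTS):
    """Run all three checks; defaults to the constructed header and report imports."""
    data = build_header(REPORT_SECTIONS) if data is None else data
    signed, sections = parse_pe_headers(data)
    return {"authenticode": signed,
            "sections": section_findings(sections),
            "capabilities": capabilities(imports)}


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

On a real file, replace the constructed header with `open(path, "rb").read()` and the import dictionary with one walked from the import directory (or from `pefile`); the checks themselves do not change. Note that a non-empty security directory only proves a certificate table is present, not that the signature verifies, so a positive `authenticode` result still needs a WinVerifyTrust-style validation before it counts as trust.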