gh0strat | JaffaCakes118_4df51c9c1d1ba6d3c9778c07bf4151af

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4df51c9c1d1ba6d3c9778c07bf4151af
Size

134KB
MD5

4df51c9c1d1ba6d3c9778c07bf4151af
SHA1

0dce1ef639d7d9f672a89c404917e9902759e5ff
SHA256

c2d170f6043dd3ea76340e24ec27bb96cf9b77c554251d00f885d25fa7e2d017
SHA512

f7061dc4b242d21d97a6abcd3c85d428121121be18f14b18dcef4d0ccbfd61baa232456f38bdf4d16362d12dce365f9ab40ac276d6f02d4aeb927e68691d7ca0
SSDEEP

3072:qOrSnIpxpsrZg5gSvWOUHdUeM+AqOELvNcbDIr9wzA:qOrSnixmgfFUHidJqReDq

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4df51c9c1d1ba6d3c9778c07bf4151af

Files

JaffaCakes118_4df51c9c1d1ba6d3c9778c07bf4151af
.exe windows:4 windows x86 arch:x86

03571078a948ca8b82ba42ab1b6fe5cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
GetFileAttributesA
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
WritePrivateProfileStringA
Sleep
CreateThread
GetCurrentThreadId
GetStartupInfoA
GetPrivateProfileStringA
GetModuleFileNameA
SetFilePointer
ReadFile
GetProcessHeap
HeapAlloc
GetProcAddress
HeapFree
GetLastError
GetWindowsDirectoryA
SetLastError
lstrcpyA
GetTempPathA
GetTickCount
FindResourceA
LoadResource
CreateFileA
ExitProcess
GetSystemDirectoryA
lstrcatA
FindFirstFileA
LocalFileTimeToFileTime
SetFileTime
SizeofResource
WriteFile
lstrlenA
FreeResource
MoveFileA
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
CloseHandle
GetModuleHandleA
GetCommandLineA

user32

GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
TranslateMessage
LoadCursorA
LoadIconA
wsprintfA
PostThreadMessageA
DispatchMessageA
RegisterClassExA
DefWindowProcA
PostQuitMessage
GetInputState

advapi32

GetUserNameA
AddAce
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityA
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegOpenKeyExA
RegSaveKeyA
RegCloseKey
RegCreateKeyExA
RegRestoreKeyA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityA
LookupAccountNameA
RegDeleteValueA
RegDeleteKeyA
InitializeAcl

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
??2@YAPAXI@Z
__CxxFrameHandler
_except_handler3
??3@YAXPAX@Z
strchr
strstr
realloc
malloc
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit

netapi32

NetApiBufferFree
NetUserGetLocalGroups

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03571078a948ca8b82ba42ab1b6fe5cc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

netapi32

Sections

.text Size: 11KB - Virtual size: 11KB

.rsrc Size: 122KB - Virtual size: 121KB

.text
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 122KB - Virtual size: 121KB