gh0strat | JaffaCakes118_30ff3a9c632a1f1a2b3a021999b877b0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_30ff3a9c632a1f1a2b3a021999b877b0
Size

87KB
MD5

30ff3a9c632a1f1a2b3a021999b877b0
SHA1

d93403d2bc5dd5720140d1531bbdafbf0cadd53b
SHA256

5371d4b09f2e0d89431535352f0f16fe1b9a8e5aeed9f3f294cec0d4c187b515
SHA512

fd58134dcb11501e0cab18501739eb7583d2cfb9a17289f6de5328a1ca6d701a28a26e624d8450d1f4af32fb71b46901aa76dcda3efdf066b685cbbaefeed17c
SSDEEP

1536:rd5PD2gQMTmQQ9dZyQwRHM1OesBk6owDnLYriZOOyoXzroIOKnToIftyyuiHmwmt:rd5PDmMymyxwDnLqfOyIemTBftLuImw5

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_30ff3a9c632a1f1a2b3a021999b877b0

Files

JaffaCakes118_30ff3a9c632a1f1a2b3a021999b877b0
.dll windows:4 windows x86 arch:x86

f5b58a783846cf37fd2010b034fe0330

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
SetEvent
InterlockedExchange
CancelIo
Sleep
GetTickCount
GetCurrentThreadId
WinExec
WriteFile
CreateFileA
CreateThread
GetSystemDirectoryA
TerminateProcess
CreateProcessA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLocalTime
GetVersionExA
GetCurrentProcessId
HeapAlloc
GetProcessHeap
DeleteFileA
lstrlenA
ReadFile
SetFilePointer
GetModuleFileNameA
GetLastError
SetLastError
LocalFree
HeapFree
FindFirstFileA
GetSystemInfo
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
lstrcatA
TerminateThread
MoveFileExA
MoveFileA
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
LocalAlloc
PeekNamedPipe
WaitForMultipleObjects
GlobalMemoryStatus
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
lstrcmpiA
Process32Next
CreateToolhelp32Snapshot
RaiseException

msvcrt

memmove
ceil
_ftol
strstr
__CxxFrameHandler
??2@YAPAXI@Z
_CxxThrowException
rand
sprintf
strncpy
strcspn
atoi
_except_handler3
strrchr
malloc
printf
strncat
strchr
realloc
wcstombs
_beginthreadex
free
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
??3@YAXPAX@Z
_strnicmp
_strcmpi

Exports

Exports

ServiceMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5b58a783846cf37fd2010b034fe0330

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 4KB