gh0strat | JaffaCakes118_31964dfdd7e07e2193e2e1476a64b755

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_31964dfdd7e07e2193e2e1476a64b755
Size

136KB
MD5

31964dfdd7e07e2193e2e1476a64b755
SHA1

fc26d0420fa5abbf8389a3a565e00f6b501b1389
SHA256

506bb631d0cddd36b722c2bd5c4e1ada1d73f9e3d2258d55225094dadb83487a
SHA512

8f99b71ab81763ecb251fc72ba04c1365437a1aa270f5026f1888887877e7ea381086e2ab114d2d4d92c1366ef93f99dd5870eb5e269e352780978ae3cc3121e
SSDEEP

3072:s5xufj+3Ok4yewwA1ZuovQX+I+6gbPfPiHkoBnGkypCwSR3apG+:4RxABOI+FTPMZnGkykwMX+

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_31964dfdd7e07e2193e2e1476a64b755

Files

JaffaCakes118_31964dfdd7e07e2193e2e1476a64b755
.exe windows:4 windows x86 arch:x86

0381666ffb3b04394ebea8d32b5a08e0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
FreeResource
Sleep
WriteFile
CreateFileA
DeleteFileA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleFileNameA
lstrlenA
SetFilePointer
GetFileSize
CopyFileA
ReadFile
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcessId
WaitForSingleObject
CreateEventA
GetProcAddress
LoadLibraryA
CreateThread
FindFirstFileA
GetLocalTime
GetTickCount
WinExec
MultiByteToWideChar
GetModuleHandleA
ExitProcess
GetFileAttributesA
GetWindowsDirectoryA
GetVersionExA
GetStartupInfoA
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary

ole32

CoCreateInstance
CoUninitialize
CoInitialize

msvcrt

gets
??3@YAXPAX@Z
sprintf
rand
srand
strtok
strrchr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
atoi
??2@YAPAXI@Z
_except_handler3
_stricmp

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.reloc
.rsrc/BITMAP/103.bmp
.rsrc/MANIFEST/1
.xml
.rsrc/MENU/102
.rsrc/version.txt
.text

Sharing

General

Malware Config

Signatures

Files

0381666ffb3b04394ebea8d32b5a08e0

Headers

File Characteristics

Imports

kernel32

ole32

msvcrt

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 688B

.rsrc Size: 116KB - Virtual size: 114KB

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 688B

.rsrc
Size: 116KB - Virtual size: 114KB