gh0strat | JaffaCakes118_36553cad031f81753bf6169126feb4fb

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_36553cad031f81753bf6169126feb4fb
Size

152KB
MD5

36553cad031f81753bf6169126feb4fb
SHA1

d1ce909376f0f4f68f44312dd9e2163c32e3b17a
SHA256

68b99b655a2e4467ed8d6001ab1ce5f2ef686a63878d642802d8233bd7cc0303
SHA512

661b29d5c759adc8f91a33fbe0b240e5eaa2d30723e068566707cb4835a88edca871c08a05e048e40d0186782abc27b8f71fa55e16b21b761af6c3a9f568e2bd
SSDEEP

3072:80Mm9578YJ7kCKjm71j3nkG7GSJlTBftSJe140uY3:T578Yejjm7VD6SJlTBlSJezu

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_36553cad031f81753bf6169126feb4fb

Files

JaffaCakes118_36553cad031f81753bf6169126feb4fb
.dll windows:4 windows x86 arch:x86

d6fe6c930c28fe0569ad2a7b7636e6df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
lstrlenA
GetSystemInfo
GetVersionExA
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
GetLastError
FreeLibrary
GlobalFree
GlobalAlloc
GetProcAddress
GetModuleHandleA
GetTempFileNameA
lstrcpyA
lstrcatA
GetSystemDirectoryA
Sleep
GetTickCount
VirtualFree
DeleteFileA
RemoveDirectoryA
ExitThread
GetShortPathNameA
GetModuleFileNameA
IsBadReadPtr
IsBadStringPtrW
ExpandEnvironmentStringsA
LocalFree
LocalReAlloc
LocalAlloc
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
VirtualQuery
IsBadWritePtr
lstrcmpiA
InterlockedExchange
GlobalUnlock
GlobalLock
GlobalSize
MapViewOfFile
CreateFileMappingA
InitializeCriticalSection
LeaveCriticalSection
LocalSize
WideCharToMultiByte
GetCurrentThreadId
MultiByteToWideChar
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
ExitProcess
VirtualAlloc
GetCurrentProcessId
GetFileAttributesExA
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
RaiseException
LoadLibraryA

user32

EnableWindow
ShowWindow
GetWindow
GetClassNameA
MessageBoxA
GetCursorInfo
DestroyCursor
LoadCursorA
DestroyWindow
CreateWindowExA
wvsprintfA
wsprintfA
CloseWindowStation

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_stricmp
_memicmp
_strupr
_strlwr
_wcsicmp
strncpy
atoi
strchr
??2@YAPAXI@Z
rand
srand
_ftol
strstr
__CxxFrameHandler
_except_handler3
??3@YAXPAX@Z
wcstombs
free
malloc
strrchr
wcsrchr
_CxxThrowException
wcslen
_beginthreadex
memmove
ceil
strncat
realloc

Exports

Exports

?AddLDMObjMapEntry@CDataCache@@QAEXPAU_LDM_OBJ_MAP_ENTRY@@@Z
?GetBottomViewStyle@CDMSnapin@@QAEHXZ
?GetDiskCount@CDataCache@@QAEKXZ
?GetDiskScaling@CDMSnapin@@QAEHXZ
?GetFilterToggle@CDMSnapin@@QAEHXZ
?GetLdmObjectId@CDMNodeObj@@QAE_JXZ
?GetListBehavior@CDMSnapin@@QAEHXZ
?GetNumMembers@CDMNodeObj@@QAEKXZ
?GetOcxFrameCWndPtr@CTaskData@@QAEPAVCWnd@@XZ
?GetRegionColorStructPtr@CTaskData@@QAEXPAPAU_REGION_COLORS@@AAH@Z
?GetRegionScaling@CDMSnapin@@QAEHXZ
?GetServerName@CDataCache@@QAE?AVCString@@XZ
?GetTopViewStyle@CDMSnapin@@QAEHXZ
?GetVolumeCount@CDataCache@@QAEKXZ
?GetWaitCursor@CDMSnapin@@QAEHXZ
CreateDataCacheX
CreateServerRequestsX

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6fe6c930c28fe0569ad2a7b7636e6df

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 294B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 294B

.reloc
Size: 8KB - Virtual size: 7KB