gh0strat | JaffaCakes118_36f8fc192a3af32aeca3e6fe27b9517b

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_36f8fc192a3af32aeca3e6fe27b9517b
Size

37KB
MD5

36f8fc192a3af32aeca3e6fe27b9517b
SHA1

5397180860d382b5b7861b329e49190d1f81b360
SHA256

0f44c4412e8d6fd16ba0eb633b12629a77defa6ab25901cc7718ebfc8f862735
SHA512

da022108e64a35a80fc70d4f100f3176363e02cbed21aca421b3fe3247022d946759a64d4ba75a9cf45e8b29bcca8c3cc79ba2c04e8eee8e312e195dd4c1e51c
SSDEEP

768:bbj5kZVnpEhqNO7t/+Y/S0c+PXcJhlGaPVy7YFNuGPjhrAtV:bbdkPakNO7t/fPZPXchl7/NuurAtV

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_36f8fc192a3af32aeca3e6fe27b9517b

Files

JaffaCakes118_36f8fc192a3af32aeca3e6fe27b9517b
.dll windows:4 windows x86 arch:x86

8352c7222557ac9759e101fa34dc4d70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileA
CreateFileA
WriteFile
SetFilePointer
MoveFileA
GetTempPathA
GetModuleFileNameA
SetLastError
TerminateThread
GetSystemDirectoryA
DisconnectNamedPipe
ReadFile
GetVersionExA
GetTickCount
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
LocalSize
Process32First
lstrcmpiA
GetCurrentThreadId
GetFileSize
LocalAlloc
FindFirstFileA
LocalReAlloc
LocalFree
FindClose
GetDriveTypeA
lstrcatA
lstrlenA
GetLastError
DeleteFileA
CancelIo
InterlockedExchange
SetEvent
WaitForSingleObject
lstrcpyA
ResetEvent
Sleep
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
LoadLibraryA
GetProcAddress
PeekNamedPipe
FreeLibrary

user32

OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
IsWindowVisible
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
wsprintfA
CharNextA

advapi32

RegOpenKeyA
RegQueryValueExA
RegDeleteKeyA
RegQueryValueA
RegCloseKey
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegisterServiceCtrlHandlerA
SetServiceStatus

msvcrt

strncat
strchr
realloc
atoi
wcstombs
strncpy
_beginthreadex
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
??3@YAXPAX@Z
memmove
ceil
_ftol
strstr
__CxxFrameHandler
_CxxThrowException
??2@YAPAXI@Z
free
malloc
_except_handler3
strrchr

ws2_32

WSAIoctl
WSAStartup
htons
gethostbyname
socket
closesocket
select
recv
gethostname
getsockname
connect

Exports

Exports

CH
JustforFun1
JustforFun2
JustforFun3
ServiceMain

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8352c7222557ac9759e101fa34dc4d70

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB