gh0strat | JaffaCakes118_3781a4a914514113da9daa99927493bd

General

Target

JaffaCakes118_3781a4a914514113da9daa99927493bd
Size

87KB
MD5

3781a4a914514113da9daa99927493bd
SHA1

84a417600629b89dd1c6bdca5b309a9c32ebfc7a
SHA256

436b614983d377046341920512037fafe9bf038b9e220193bb3a204a9372dc8a
SHA512

71603dd9f24ef76559125326277ad5596266a84bcdc78a4d8855f2c8015c48aef79a84e4664be108dfe40ee987cec72b4a63ddd6caefbe218c46670db635955b
SSDEEP

1536:kWZ/Sxlnl9IioY3ldKhTMdcEytfLIeI7nV9e3RnX9toreOv3/DRmR:bBSxSo3ldMMdbyVLIemnV9gJ9tQeOv3o

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3781a4a914514113da9daa99927493bd

Files

JaffaCakes118_3781a4a914514113da9daa99927493bd
.exe windows:4 windows x86 arch:x86

4787cd63529b0ad601afe6815196f583

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetTickCount
GetTempPathA
CopyFileA
GetCommandLineA
GetLastError
GetCurrentProcess
CloseHandle
WriteFile
CreateFileA
GlobalFree
LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
SetPriorityClass
GetCurrentThread
SetThreadPriority
ResumeThread
Sleep
GetSystemDirectoryA
OutputDebugStringA
CreateProcessA
lstrlenA
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
GetSystemWindowsDirectoryA
SetFileAttributesA
GetStartupInfoA

advapi32

RegisterServiceCtrlHandlerA
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
RegQueryValueExA
StartServiceCtrlDispatcherA
RegCreateKeyA
RegOpenKeyExA
SetServiceStatus
RegOpenKeyA
RegDeleteValueA
RegSetValueExA
RegCloseKey

mfc42

ord924
ord537
ord941
ord535
ord800

msvcrt

__dllonexit
_onexit
_exit
_XcptFilter
__CxxFrameHandler
__getmainargs
_except_handler3
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strncmp
strstr
exit
_initterm
sprintf
_acmdln

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

Sections

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4787cd63529b0ad601afe6815196f583

Headers

File Characteristics

Imports

kernel32

advapi32

mfc42

msvcrt

msvcp60

Sections

.data Size: 9KB - Virtual size: 8KB

.rsrc Size: 77KB - Virtual size: 76KB

.data
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 77KB - Virtual size: 76KB