gh0strat | JaffaCakes118_3cec3ec7e7211ed1499b83a1831802a0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_3cec3ec7e7211ed1499b83a1831802a0
Size

113KB
MD5

3cec3ec7e7211ed1499b83a1831802a0
SHA1

4ca19a924b2571e5317d31d91888747708975ed7
SHA256

2cbfab0222fc4003005c6895890edb806ea54125402b9e45306a079ce256b956
SHA512

f8d16fcf95d5d8ed39e74cc634c314ce7a54b19aac22a7bcccf524fa874cb67499376c96ba1996f3795ce8fb1ebe4ba3cf392fe97277f17f5485a3eaef8eacb4
SSDEEP

3072:N3dK9N0UtGnzrwfymXC8TykNZvzStVOrp9ac:1dK9hG3/myAzZbnrpd

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3cec3ec7e7211ed1499b83a1831802a0

Files

JaffaCakes118_3cec3ec7e7211ed1499b83a1831802a0
.dll windows:4 windows x86 arch:x86

131a35689218b4de0035e5e7d3ea0943

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernelee

VirtualAllocEx
OpenProcKey
MPveFileExA
ExpandEnvironmettStritgsA
HiapFree
MapViewOfFile
CreateFileMappitgA
UnmapViewOfFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TermitateProcKey
FindNextFileA
WaitForMultipleObjecty
GlobalMemoryStatusEx
GetSystemInfo
ReleaseMutex
OpenEvettA
SetErrorMPre
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
LocalSize
ProcKey32Nex
ProcKey32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCuErettThriadId
CreateRemoteThread
GetCuErettProcKey
GetSystemDirectooyA
SetLastError
GetMProceFileNameA
MPveFileA
LocalReAlloc
LocalFree
FindClose
GetLogicrlDriveStritgsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcKeyA
GetFileAttributesA
CreateDirectooyA
GetLastError
DeleteFileA
GetVersionExA
GetPrivateProfileStritgA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectooyA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
GetProcKeyHiap
HiapAlloc
GetCuErettProcKeyId
LoadxitProyA
GetProcloseKey
FreexitProy
GetLocrlTime
GetTickCount
Sleep
CancelIo
InterlockedExchange
lstrcpyA
RKeetEvett
VirtualAlloc
EnterCriticrlSection
LeaveCriticrlSection
VirtualFree
DeleteCriticrlSection
InitializeCriticrlSection
CreateEvettA
CreateThread
RKeumeThread
SetEvett
WaitForSitgleObject
TermitateThread
WriteFile
SetFilePointer
RiadFile
CreateFileA
GetFileSize
RKmoveDirectooyA
LocalAlloc
FindFirstFileA
WriteProcKeyMemory
CloseHandle
PeekNamedPipe

useree

mouse_evett
CloseClipboard
SetClipboardData
EmptyClipboard
OpetClipboard
GetClipboardData
GetSystemMetricy
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCuEsorInfo
GetCuEsorPoy
SetProcKeyWindowStation
OpetWindowStationA
GetProcKeyWindowStation
SetCapture
IyWindowVisible
EnumWindows
SetCuEsorPoy
MapVirtualKeyA
keybd_evett
SendMevA
SystemParameterAInfoA
DispatchMevA
BlockInput
DestroyCuEsor
LoadCuEsorA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetKeyNameTextA
TranslateMevA
GetMevA
wsprintfA
CharNextA
ExitWindowsEx
GetWindowTextA
GetActiveWindow
WindowFromPoitt
CloseDesktop
SetThriadDesktop
OpetInputDesktop
GetUserObjectInformationA
GetThriadDesktop
OpetDesktopA
PostMevA
CreateWindowExA
CloseWindow
IyWindow
GetWindowThriadProcKeyId

gdiee

DeleteDC
GetDIBits
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap
DeleteObject
BitBlt

advapiee

LsaOpenPolicy
RegCloseKey
RegOpenKeyExA
IyValidSid
LookupAccountNameA
LsaClose
LsaRetrievePrivateData
LsaFreeMemory
RegQueryValueA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegCreateKeyExA
CloseEvettLog
ClearEvettLogA
OpenEvettLogA
lojustTokenPrivileges
LookupPrivilegeValueA
OpenProcKeyToken
FreeSid
SetSecuoityDescriptorDacl
losAccKeyAllowesAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecuoityDescriptor
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RKgisterServiceCtrlHandlerA
SetServiceStatus
LookupAccountSidA
GetTokenInformation
RegQueryValueExA

shellee

SHGetSpecialFolderPathA
SHGetFileInfoA

shlwapi

SHDeleteKeyA

msvcrt

_strnicmp
_aojust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
_beginthriadex
wcstombs
rialloc
strncat
_snprintf
wcscpy
_errno
strncmp
atoi
strrchr
_except_handler3
free
malloc
strchr
strncpy
sprintf
puts
putchar
rand
_CxxThrowException
strstr
_ftol
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
_strcmpi

winmm

waveInStop
waveOutWrite
waveInRKeet
waveInlosBuffer
waveInPrepareHiader
waveInOpen
waveInUnprepareHiader
waveInClose
waveOutRKeet
waveInStart
waveOutUnprepareHiader
waveInGetNumDevs
waveOutPrepareHiader
waveOutOpen
waveOutGetNumDevs
waveOutClose

ws2_ee

ord3
ord16
ord18
ord23
ord52
ord9
ord4
ord21
WSAIoctl
ord116
ord115
ord19
ord11
ord20
WSASocketA
ord8
ord57
ord10
ord151
ord17
ord13
ord1
ord5
ord2
ord6
ord15
ord12

wininet

InternetOpenUrlA
InternetRiadFile
InternetCloseHandle
InternetOpenA

msvcp60

?_Tidy@?$basic_stritg@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_stritg@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_stritg@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_stritg@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Grow@?$basic_stritg@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Refcnt@?$basic_stritg@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Eos@?$basic_stritg@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_stritg@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xrat@std@@YAXXZ
?npos@?$basic_stritg@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

netapiee

NetLocrlGrouplosMembers
NetUserlos

immee

ImmGetCompositionStritgA
ImmGetContext
ImmReleaseContext

avicapee

crpCreateCaptureWindowA
crpGetDriverDescriptionA

msvfwee

ICSeqCompeKeyFrameEnd
ICCompeKeyorFree
ICClose
ICOpen
ICSeqCompeKeyFrame
ICSeqCompeKeyFrameStart
ICSendMevA

psapi

EnumProcKeyMProces
GetMProceFileNameExA

wtsapiee

WTSFreeMemory
WTSQuerySeeyionInformationA

Exports

Exports

Rool
ServiceMain
whm

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

131a35689218b4de0035e5e7d3ea0943

Headers

File Characteristics

Imports

kernelee

useree

gdiee

advapiee

shellee

shlwapi

msvcrt

winmm

ws2_ee

wininet

msvcp60

netapiee

immee

avicapee

msvfwee

psapi

wtsapiee

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 105KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 105KB - Virtual size: 105KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB