gh0strat | JaffaCakes118_3fde005bb8516984d70b66f08e02a119

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_3fde005bb8516984d70b66f08e02a119
Size

149KB
MD5

3fde005bb8516984d70b66f08e02a119
SHA1

e96cfeadb4814a9f5d389f7b0c75868290bc42ed
SHA256

9b937ef02588951cbd77a592b4bf4c033073b809dd5c36f99ef54a63976d2d82
SHA512

eace0687f2c3488eea03ac051649bb445837a0a389b96f844269f758f6055996dd6a7385a351ed1eb0590c2b4e8635c83df2d4898fc8e2387ec559eeb4291f81
SSDEEP

3072:7zvUsH243PBaXVnfHJvDg0MllrKlav0xgYT7TBftToSAUYp:7w+aFBvAeg07TBl07

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3fde005bb8516984d70b66f08e02a119

Files

JaffaCakes118_3fde005bb8516984d70b66f08e02a119
.dll windows:4 windows x86 arch:x86

f115a11e8c6c36b4eb2b12fd9887ae38

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExW

user32

MessageBoxA
ShowWindow
CloseWindowStation
wvsprintfA
LoadCursorA
DestroyCursor
GetCursorInfo
CreateWindowExA
DestroyWindow
wsprintfA

kernel32

RaiseException
InterlockedIncrement
InterlockedDecrement
LocalReAlloc
LocalSize
InterlockedExchange
ExpandEnvironmentStringsA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
lstrlenA
lstrcpyA
CloseHandle
lstrcmpiA
Sleep
GetCurrentThreadId
GetTempFileNameA
lstrcatA
GetLastError
VirtualQuery
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
VirtualProtect
GetSystemDirectoryA
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetModuleFileNameA
GetTickCount
InitializeCriticalSection
VirtualFree
LeaveCriticalSection
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetSystemInfo
GetVersionExA
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
FreeLibrary
GlobalFree
GlobalAlloc
DeleteFileA
RemoveDirectoryA
ExitThread
IsBadReadPtr
IsBadStringPtrW
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
IsBadWritePtr
GlobalUnlock
GlobalLock
GlobalSize
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
LocalFree
LocalAlloc
ExitProcess
GetExitCodeProcess
WideCharToMultiByte
lstrcmpA
LoadLibraryA

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_memicmp
_strupr
_wcsicmp
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
strrchr
malloc
strstr
strncpy
free
rand
srand
_ftol
memmove
ceil
_except_handler3
atoi
strchr
wcstombs
_CxxThrowException
strncat
_beginthreadex
wcslen
wcsrchr
_strlwr

Exports

Exports

TestProject

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f115a11e8c6c36b4eb2b12fd9887ae38

Headers

File Characteristics

Imports

advapi32

user32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB