gh0strat | JaffaCakes118_4776985be04382486b7d621a68250ce9

General

Target

JaffaCakes118_4776985be04382486b7d621a68250ce9
Size

122KB
MD5

4776985be04382486b7d621a68250ce9
SHA1

2c0731c08123e1f2c949b642b84cd0ce357e0c8a
SHA256

799eca9940d40ba12157d302e46780a0d9d6425ae55ad6908add33256f4d039c
SHA512

cd31489144d461123d6e2b59a4b2f1022877607232ee766c0ceb9ec4ba46eddd98a83f0f7b5e16a36c0cdbaebb0ce4d296c4e217981c8060a19503f17d58f608
SSDEEP

3072:/HV49YZ8DqcLCL7Sw8PpQyULvMpCd/9wtUJ4uHcsF6Hm:/149i8DqkCXSw8KZBdlNJ4FsR

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4776985be04382486b7d621a68250ce9

Files

JaffaCakes118_4776985be04382486b7d621a68250ce9
.exe windows:4 windows x86 arch:x86

a2f4922f0855ff407bd9dfb6a820324b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
Process32Next
GetTempPathA
Process32First
CreateToolhelp32Snapshot
SetUnhandledExceptionFilter
Sleep
ReleaseMutex
CreateFileA
GetCommandLineA
SetFileAttributesA
CreateDirectoryA
CreateThread
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
SetFilePointer
ReadFile
GetSystemDirectoryA
lstrcatA
GetLastError
SetLastError
GetProcAddress
lstrcmpiA
lstrcpyA
LoadResource
SetFileTime
SizeofResource
WriteFile
lstrlenA
CloseHandle
FreeResource
ExitProcess
GetWindowsDirectoryA
LoadLibraryA
CreateMutexA

user32

GetMessageA
wsprintfA
GetInputState
PostThreadMessageA

advapi32

OpenSCManagerA
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA

shell32

ShellExecuteA

msvcrt

_XcptFilter
_controlfp
strtok
??2@YAPAXI@Z
strchr
__CxxFrameHandler
_CxxThrowException
realloc
malloc
_except_handler3
??3@YAXPAX@Z
strstr
??1type_info@@UAE@XZ
_exit
_strcmpi
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2f4922f0855ff407bd9dfb6a820324b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 8KB - Virtual size: 7KB

.rsrc Size: 113KB - Virtual size: 113KB

.text
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 113KB - Virtual size: 113KB