gh0strat | JaffaCakes118_4be029b09b8e3fe3abccfaa224c41ec6

General

Target

JaffaCakes118_4be029b09b8e3fe3abccfaa224c41ec6
Size

10.2MB
MD5

4be029b09b8e3fe3abccfaa224c41ec6
SHA1

e0ce1cbf170ad06367e1f1481755be06c578bfc6
SHA256

3a9a6d4bbfbc7bd43f8e9b9962c06a3fe851b06d95cf4d9830e4febe8211e42a
SHA512

3a80c7b791bdc66c39041b5dcc686f47a58051ab1a429b0cfd3d864816a59d98442585ab450002ef9b859d9b5d01f74ec3c0c2cb6579762af975d54d0bff1167
SSDEEP

3072:SQhOv9nd/M9Wzh0kHbPzYrIy97rsQUt06M8VqWtDG8vdbOeZCNVowgnCJ2BsJln:SQYv9nO9SXHbP0sy9kF07iRvdbvIUChn

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4be029b09b8e3fe3abccfaa224c41ec6

Files

JaffaCakes118_4be029b09b8e3fe3abccfaa224c41ec6
.exe windows:4 windows x86 arch:x86

6948916c1f0548e342386469ee83eb6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
GetSystemDirectoryA
MoveFileA
CreateProcessA
GetShortPathNameA
CopyFileA
CreateMutexA
GetLastError
GetCurrentThreadId
GetEnvironmentVariableA
GetCommandLineA
ReleaseMutex
Sleep
SetUnhandledExceptionFilter
FreeLibrary
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
ReadFile
lstrcmpA
GetCurrentProcess
GetModuleFileNameA
SetLastError
lstrcmpiA
lstrcpyA
GetTempPathA
GetTickCount
CreateFileA
SetFilePointer
lstrlenA
MoveFileExA
ExitProcess
lstrcatA
HeapFree
LoadLibraryA
GetProcAddress

user32

GetMessageA
PostThreadMessageA
GetInputState

advapi32

GetSecurityDescriptorDacl
DeleteService
CloseServiceHandle
CreateServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegRestoreKeyA
StartServiceA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetAclInformation
GetLengthSid
InitializeAcl
EqualSid
AddAce
GetAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetFileSecurityA
OpenServiceA
GetServiceKeyNameA
OpenSCManagerA
ControlService

shlwapi

PathFileExistsA

msvcrt

_CxxThrowException
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
rand
??2@YAPAXI@Z
srand
time
__CxxFrameHandler
_mkdir
??3@YAXPAX@Z
strstr
rename
strrchr

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6948916c1f0548e342386469ee83eb6f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

Sections

.text Size: 18KB - Virtual size: 18KB

.CRT Size: 512B - Virtual size: 12B

.rsrc Size: 182KB - Virtual size: 182KB

.text
Size: 18KB - Virtual size: 18KB

.CRT
Size: 512B - Virtual size: 12B

.rsrc
Size: 182KB - Virtual size: 182KB