gh0strat | JaffaCakes118_4ee6c1373dca2e084a856f518e327dd6

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4ee6c1373dca2e084a856f518e327dd6
Size

2.1MB
MD5

4ee6c1373dca2e084a856f518e327dd6
SHA1

dcf9f2239564a66858e8104590aa4577a97430d7
SHA256

aef549232dd0720bc6f1ba0d8f9246ea0b1e041ce37fad0db044967269df06d4
SHA512

f0fc73eacf03663f44ed8df26bbcb54b0de236f4c2e67a0824f9b2c65379d8af0377b5c53ee9cd359c2e36d832d552b69ccc77825962547f0028ed9d1b65ddd0
SSDEEP

49152:jTT5TTdATTn9TTXTTqTTVT/TT1TT6bTTb:4

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4ee6c1373dca2e084a856f518e327dd6

Files

JaffaCakes118_4ee6c1373dca2e084a856f518e327dd6
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?COMToCRBvr@@YGPAVCRBvr@@PAUIUnknown@@@Z
?CRAbs@@YGPAVCRNumber@@PAV1@@Z
?CRAcos@@YGPAVCRNumber@@PAV1@@Z
?CRAcquireGCLock@@YG_NXZ
?CRAdd@@YGPAVCRNumber@@PAV1@0@Z
?CRAdd@@YGPAVCRPoint2@@PAV1@PAVCRVector2@@@Z
?CRAdd@@YGPAVCRPoint3@@PAV1@PAVCRVector3@@@Z
?CRAdd@@YGPAVCRVector2@@PAV1@0@Z
?CRAdd@@YGPAVCRVector3@@PAV1@0@Z
?CRAddBvrToRun@@YG_NPAVCRView@@PAVCRBvr@@_NPAJ@Z
?CRAddElement@@YGJPAVCRArray@@PAVCRBvr@@K@Z
?CRAddPickData@@YGPAVCRGeometry@@PAV1@PAUIUnknown@@_N@Z
?CRAddPickData@@YGPAVCRImage@@PAV1@PAUIUnknown@@_N@Z
?CRAddRefGC@@YG_NPAX@Z
?CRAddSite@@YG_NPAVCRSite@@@Z
?CRAlways@@YGPAVCREvent@@XZ
?CRAmbientColor@@YGPAVCRGeometry@@PAV1@PAVCRColor@@@Z
?CRAmbientLight@@YGPAVCRGeometry@@XZ
?CRAnd@@YGPAVCRBoolean@@PAV1@0@Z
?CRAndEvent@@YGPAVCREvent@@PAV1@0@Z
?CRAntiAliasing@@YGPAVCRFontStyle@@PAV1@N@Z
?CRAntiAliasing@@YGPAVCRLineStyle@@PAV1@N@Z
?CRAppTriggeredEvent@@YGPAVCREvent@@XZ
?CRApplyDXTransform@@YGPAVCRDXTransformResult@@PAUIUnknown@@JPAPAVCRBvr@@PAV3@@Z
?CRAqua@@YGPAVCRColor@@XZ
?CRArc
?CRArcRadians@@YGPAVCRPath2@@NNNN@Z
?CRArcRadians@@YGPAVCRPath2@@PAVCRNumber@@000@Z
?CRAsin@@YGPAVCRNumber@@PAV1@@Z
?CRAtan
?CRAtan2@@YGPAVCRNumber@@PAV1@0@Z
?CRAttachData@@YGPAVCREvent@@PAV1@PAVCRBvr@@@Z
?CRBSpline@@YGPAVCRBvr@@HJQAPAVCRNumber@@JQAPAV1@J0PAV2@W4CR_BVR_TYPEID@@@Z
?CRBillboard@@YGPAVCRGeometry@@PAV1@PAVCRVector3@@@Z
?CRBlack@@YGPAVCRColor@@XZ
?CRBlendTextureDiffuse@@YGPAVCRGeometry@@PAV1@PAVCRBoolean@@@Z
?CRBlue@@YGPAVCRColor@@XZ
?CRBold@@YGPAVCRFontStyle@@PAV1@@Z
?CRBoundingBox@@YGPAVCRBbox2@@PAVCRImage@@@Z
?CRBoundingBox@@YGPAVCRBbox2@@PAVCRPath2@@PAVCRLineStyle@@@Z
?CRBoundingBox@@YGPAVCRBbox3@@PAVCRGeometry@@@Z
?CRBvrApplyPreference
?CRBvrToCOM@@YG_NPAVCRBvr@@ABU_GUID@@PAPAX@Z
?CRCeiling@@YGPAVCRNumber@@PAV1@@Z
?CRClearLastError@@YGXXZ
?CRClearMatte@@YGPAVCRMatte@@XZ
?CRClip@@YGPAVCRImage@@PAV1@PAVCRMatte@@@Z
?CRClipPolygonImage
?CRClose@@YGPAVCRPath2@@PAV1@@Z
?CRColorHsl

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 12KB - Virtual size: 13KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 8KB - Virtual size: 6KB