gh0strat | JaffaCakes118_4f16d99338de08c92cc12f93b6ea9018

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4f16d99338de08c92cc12f93b6ea9018
Size

101KB
MD5

4f16d99338de08c92cc12f93b6ea9018
SHA1

3a03cd201c0f49bdc27bda0391ac9f87b3e3c319
SHA256

238dc6acb0035ddbfb8381a6e8288881e0ba21dc07aa360d606ee8065dd422d5
SHA512

008a84d040852cafad8fc622afd1b173527520cf6d8acd0792538050bcba9690c883ff15569440f2b8608b16add39f0fcd1453b09e4880e77ef7297262e19a3d
SSDEEP

3072:lFAZqgGCR1twRNBGdatlbgQLXbqQf++P:lFAZqgDmRewDr7++P

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4f16d99338de08c92cc12f93b6ea9018

Files

JaffaCakes118_4f16d99338de08c92cc12f93b6ea9018
.dll windows:4 windows x86 arch:x86

4abc73a5497f3f335116a8bb4a7126f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
ResetEvent
lstrcpyA
SetEvent
CancelIo
Sleep
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
lstrlenA
GetDiskFreeSpaceExA
GetVolumeInformationA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
HeapFree
HeapAlloc
GetModuleFileNameA
GetCurrentProcess
WriteProcessMemory
OpenProcess
TerminateThread
GetWindowsDirectoryA
GetLocalTime
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
WaitForSingleObject
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetVersionExA
OpenEventA
SetErrorMode
FreeConsole
Process32Next
RaiseException
InterlockedExchange

msvcrt

strtok
strncat
strchr
realloc
atoi
wcstombs
strncpy
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
strrchr
_except_handler3
malloc
free
??2@YAPAXI@Z
_CxxThrowException
__CxxFrameHandler
strstr
_ftol
_beginthreadex
ceil
_strnicmp
??3@YAXPAX@Z
memmove
_strcmpi

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvfw32

ICSendMessage
ICSeqCompressFrameEnd

Exports

Exports

Ilovebeibei
JustforFun1
JustforFun2
JustforFun3
Rool
ServiceMain
whmtorrent
wwhhmm

Sections

Torrent
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4abc73a5497f3f335116a8bb4a7126f0

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

msvfw32

Exports

Exports

Sections

Torrent Size: 94KB - Virtual size: 93KB

.reloc Size: 6KB - Virtual size: 5KB

Torrent
Size: 94KB - Virtual size: 93KB

.reloc
Size: 6KB - Virtual size: 5KB