gh0strat | JaffaCakes118_50ddd35d806ec4dccd176cc9e6cc03ab

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_50ddd35d806ec4dccd176cc9e6cc03ab
Size

148KB
MD5

50ddd35d806ec4dccd176cc9e6cc03ab
SHA1

a173cf82e85f5657b20f1a944cb9e8db2cf9f2ac
SHA256

6eaa6b1f65da2a55003a3f74988043e8c25b90ee009321fa1dbbeefc8813509b
SHA512

7d6bfa7c4751dc4213afa659c655dfbbd84b5c5540b2bbdae5674ed262beafdc0f054fe481df13b85c5505dfe7aafb7ee356d32f484fc430164ae55f1d68f831
SSDEEP

3072:7ZAc5xUQE0ln3uJl00lNf/k5tLRWOhIw8msgTBftH/:7J2QE0lnul3NfM554hNgTBlH

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_50ddd35d806ec4dccd176cc9e6cc03ab

Files

JaffaCakes118_50ddd35d806ec4dccd176cc9e6cc03ab
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?COMToCRBvr@@YGPAVCRBvr@@PAUIUnknown@@@Z
?CRAbs@@YGPAVCRNumber@@PAV1@@Z
?CRAcos@@YGPAVCRNumber@@PAV1@@Z
?CRAcquireGCLock@@YG_NXZ
?CRAdd@@YGPAVCRNumber@@PAV1@0@Z
?CRAdd@@YGPAVCRPoint2@@PAV1@PAVCRVector2@@@Z
?CRAdd@@YGPAVCRPoint3@@PAV1@PAVCRVector3@@@Z
?CRAdd@@YGPAVCRVector2@@PAV1@0@Z
?CRAdd@@YGPAVCRVector3@@PAV1@0@Z
?CRAddBvrToRun@@YG_NPAVCRView@@PAVCRBvr@@_NPAJ@Z
?CRAddElement@@YGJPAVCRArray@@PAVCRBvr@@K@Z
?CRAddPickData@@YGPAVCRGeometry@@PAV1@PAUIUnknown@@_N@Z
?CRAddPickData@@YGPAVCRImage@@PAV1@PAUIUnknown@@_N@Z
?CRAddRefGC@@YG_NPAX@Z
?CRAddSite@@YG_NPAVCRSite@@@Z
?CRAlways@@YGPAVCREvent@@XZ
?CRAmbientColor@@YGPAVCRGeometry@@PAV1@PAVCRColor@@@Z
?CRAmbientLight@@YGPAVCRGeometry@@XZ
?CRAnd
?CRAndEvent@@YGPAVCREvent@@PAV1@0@Z
?CRAntiAliasing
?CRAntiAliasing@@YGPAVCRFontStyle@@PAV1@N@Z
?CRAppTriggeredEvent
?CRApplyDXTransform@@YGPAVCRDXTransformResult@@PAUIUnknown@@JPAPAVCRBvr@@PAV3@@Z
?CRAqua@@YGPAVCRColor@@XZ
?CRArc
?CRArcRadians@@YGPAVCRPath2@@NNNN@Z
?CRArcRadians@@YGPAVCRPath2@@PAVCRNumber@@000@Z
?CRAsin@@YGPAVCRNumber@@PAV1@@Z
?CRAtan2@@YGPAVCRNumber@@PAV1@0@Z
?CRAtan@@YGPAVCRNumber@@PAV1@@Z
?CRAttachData@@YGPAVCREvent@@PAV1@PAVCRBvr@@@Z
?CRBSpline@@YGPAVCRBvr@@HJQAPAVCRNumber@@JQAPAV1@J0PAV2@W4CR_BVR_TYPEID@@@Z
?CRBillboard@@YGPAVCRGeometry@@PAV1@PAVCRVector3@@@Z
?CRBlack@@YGPAVCRColor@@XZ
?CRBlendTextureDiffuse@@YGPAVCRGeometry@@PAV1@PAVCRBoolean@@@Z
?CRBlue@@YGPAVCRColor@@XZ
?CRBold@@YGPAVCRFontStyle@@PAV1@@Z
?CRBoundingBox
?CRBoundingBox@@YGPAVCRBbox2@@PAVCRImage@@@Z
?CRBoundingBox@@YGPAVCRBbox3@@PAVCRGeometry@@@Z
?CRBvrApplyPreference@@YGPAVCRBvr@@PAV1@PAGUtagVARIANT@@@Z
?CRBvrToCOM@@YG_NPAVCRBvr@@ABU_GUID@@PAPAX@Z
?CRCeiling@@YGPAVCRNumber@@PAV1@@Z
?CRClearLastError@@YGXXZ
?CRClearMatte@@YGPAVCRMatte@@XZ
?CRClip@@YGPAVCRImage@@PAV1@PAVCRMatte@@@Z
?CRClipPolygonImage@@YGPAVCRImage@@PAV1@PAVCRArray@@@Z
?CRClose@@YGPAVCRPath2@@PAV1@@Z
?CRColorHsl

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 12KB - Virtual size: 13KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 8KB - Virtual size: 6KB