gh0strat | JaffaCakes118_5392cfa1d3ebf19311baedc1e5d9bd36

General

Target

JaffaCakes118_5392cfa1d3ebf19311baedc1e5d9bd36
Size

163KB
MD5

5392cfa1d3ebf19311baedc1e5d9bd36
SHA1

871b8c8172c95b64bfe80a2aa459459eaa3c2ab1
SHA256

243d5dac34cc985729c8623cfce9e95b667d2642d7f6f930469c04a1e6386242
SHA512

e376eb83ffb283cec17b1f70dabcb3ecff1bddab11d8e4b5da0b8377f8cb01193c366ce2b2584eb6605dd9e081cd6357ade97ce0902d9bd57e1b81d941b9387c
SSDEEP

3072:dxhXDNHBbWKRpvv70d/pPHWH43NjCa3Aal4b8ceHyhosXln5I3iv:dx9DHbWK3vv7opfWHgUaQfb8n85IG

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5392cfa1d3ebf19311baedc1e5d9bd36

Files

JaffaCakes118_5392cfa1d3ebf19311baedc1e5d9bd36
.exe windows:4 windows x86 arch:x86

e56a344d8ccbc1d9b4f4a3c2d1592798

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
WinExec
lstrcatA
GetSystemDirectoryA
Sleep
GetFileAttributesA
ReadFile
SetFilePointer
GetModuleHandleA
CopyFileA
TerminateProcess
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCommandLineA
CreateDirectoryA
CreateThread
DeleteFileA
GetCurrentThreadId
GetStartupInfoA
MoveFileA
GetLastError
OpenProcess
DuplicateHandle
GetCurrentProcess
LockResource
SetLastError
lstrcpyA
FindResourceA
LoadResource
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetWindowsDirectoryA
SizeofResource
WriteFile
lstrlenA
CloseHandle
FreeResource
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcmpiA
ExitProcess
GetLocalTime

user32

DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
PostThreadMessageA
wsprintfA
GetInputState

advapi32

RegCloseKey
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
StartServiceA
OpenServiceA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA

msvcrt

_except_handler3
_strcmpi
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
strtok
??2@YAPAXI@Z
memset
memcpy
strchr
fclose
fwrite
fopen
realloc
malloc
strlen
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
strcmp
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e56a344d8ccbc1d9b4f4a3c2d1592798

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 9KB - Virtual size: 9KB

.rsrc Size: 153KB - Virtual size: 152KB

.text
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 153KB - Virtual size: 152KB