gh0strat | JaffaCakes118_5463590d7a51e2611b2ba14ffbdb1399

General

Target

JaffaCakes118_5463590d7a51e2611b2ba14ffbdb1399
Size

130KB
MD5

5463590d7a51e2611b2ba14ffbdb1399
SHA1

3e70b2b7817b5eb5f9742b00209389d606ca52e1
SHA256

37b76067ee36e8ef22a508da713b60a3c4c964e88f516e9e86484bae93115df5
SHA512

932a7932d655703a280bf65b9a79b94af2338d253a72de2a8e0a29924edbc1a2c9c388c748ca1b999b412d0fadc39c71acc0f0e93f143a1976759f114c0603e4
SSDEEP

3072:BcrdyFf06FhraBEFNuw6dGVVmgJ/8pbxwvykz0eE4heiDLu8p:BcrdyFc6FhrAESw6EVVX0Dwa80eEEDL3

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5463590d7a51e2611b2ba14ffbdb1399

Files

JaffaCakes118_5463590d7a51e2611b2ba14ffbdb1399
.exe windows:4 windows x86 arch:x86

0fa7d1a26894b6366d34dd336f1c4f76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
Process32First
SetUnhandledExceptionFilter
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
Process32Next
CreateDirectoryA
GetSystemDirectoryA
CreateThread
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
lstrcatA
GetLastError
SetLastError
FreeLibrary
lstrcmpiA
lstrcpyA
LoadResource
SetFileTime
SizeofResource
lstrlenA
CloseHandle
ExitProcess
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
SetFileAttributesA

user32

GetMessageA
wsprintfA
GetInputState
PostThreadMessageA

advapi32

OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA

shell32

ShellExecuteA

msvcrt

_XcptFilter
_controlfp
strtok
??2@YAPAXI@Z
strchr
realloc
malloc
__CxxFrameHandler
_CxxThrowException
_except_handler3
??3@YAXPAX@Z
strstr
??1type_info@@UAE@XZ
_exit
_strcmpi
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fa7d1a26894b6366d34dd336f1c4f76

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 120KB - Virtual size: 120KB

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 120KB - Virtual size: 120KB