gh0strat | JaffaCakes118_586944d18f0def5205756604c9bab1d2

General

Target

JaffaCakes118_586944d18f0def5205756604c9bab1d2
Size

124KB
MD5

586944d18f0def5205756604c9bab1d2
SHA1

184af670a7a5b2419b1dfaff070f8b42839fe433
SHA256

5ea60daecb58ce9e8b8cbb306df66d446ecdbbe01638f1eb178b48ea6be65ed4
SHA512

7ded0b1b5c9fc0a2a47695842c3833c49643123e9309ecfc1a2dfbe6602a09d6181d0cb5af2f5bbe12c02413130dc6e2304c0b1fc34a1cc65627e4368983bb7b
SSDEEP

3072:284YHOYH2N9TSCqq6cJwnvOzyhFXXjcnidUJv5WH:2FYHOxTSCCcJSDtjuHJv

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_586944d18f0def5205756604c9bab1d2

Files

JaffaCakes118_586944d18f0def5205756604c9bab1d2
.exe windows:4 windows x86 arch:x86

77839b3d31ec7675ab3154bc3225637b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
Process32Next
GetTempPathA
Process32First
CreateToolhelp32Snapshot
SetFileAttributesA
DeleteFileA
CopyFileA
CreateDirectoryA
MoveFileA
CreateFileA
SetUnhandledExceptionFilter
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
CreateThread
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
SetFilePointer
ReadFile
GetSystemDirectoryA
lstrcatA
GetLastError
SetLastError
GetProcAddress
lstrcmpiA
lstrcpyA
LoadResource
SetFileTime
SizeofResource
WriteFile
lstrlenA
CloseHandle
FreeResource
ExitProcess
GetWindowsDirectoryA
LoadLibraryA
GetFileAttributesA

user32

wsprintfA
PostThreadMessageA
GetInputState
GetMessageA

advapi32

OpenSCManagerA
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA

shell32

ShellExecuteA

msvcrt

_exit
_strrev
strtok
??2@YAPAXI@Z
strchr
__CxxFrameHandler
_CxxThrowException
realloc
malloc
_except_handler3
??3@YAXPAX@Z
fclose
fputs
fopen
strstr
??1type_info@@UAE@XZ
_strcmpi
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77839b3d31ec7675ab3154bc3225637b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 114KB - Virtual size: 113KB

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 114KB - Virtual size: 113KB