gh0strat | JaffaCakes118_5ec605e5549270fddba28781d4823eae

General

Target

JaffaCakes118_5ec605e5549270fddba28781d4823eae
Size

122KB
MD5

5ec605e5549270fddba28781d4823eae
SHA1

10cdcb9a1a3fb44dff4a7e777b1101a42ca290e6
SHA256

88832a897bbf52a34a4092a12c3e18e1bd6a7665b5b099585f47a10531261c77
SHA512

39ebe0d08086c91aecf0f86ed5be4e23030d0800797d32abe12fb722be4ad17d08f7507645f3a29b7eda4b54c11f2be716afa493928f49403060348ee29fa40b
SSDEEP

3072:v3F/Re6cW/Tyd1XxJz7tkuS+VWr0oSw+LAJSg/hh:v3F/R7cW/T61XfdkRdSw+MJSA

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5ec605e5549270fddba28781d4823eae

Files

JaffaCakes118_5ec605e5549270fddba28781d4823eae
.exe windows:4 windows x86 arch:x86

17abb72fdad972efa6b81fbd6f4dcf71

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
GetCurrentThreadId
SetUnhandledExceptionFilter
Sleep
ReleaseMutex
CreateMutexA
Process32Next
SetFileAttributesA
CreateDirectoryA
GetSystemDirectoryA
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
lstrcatA
GetLastError
SetLastError
lstrcmpiA
lstrcpyA
FreeLibrary
LoadResource
SetFileTime
SizeofResource
lstrlenA
CloseHandle
ExitProcess
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
GetCommandLineA

user32

wsprintfA
PostThreadMessageA
GetInputState
GetMessageA

advapi32

OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA

shell32

ShellExecuteA

msvcrt

_XcptFilter
_strrev
strtok
??2@YAPAXI@Z
strchr
realloc
malloc
__CxxFrameHandler
_CxxThrowException
_except_handler3
??3@YAXPAX@Z
strstr
??1type_info@@UAE@XZ
_exit
_strcmpi
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17abb72fdad972efa6b81fbd6f4dcf71

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 113KB - Virtual size: 113KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 113KB - Virtual size: 113KB