gh0strat | JaffaCakes118_5f26b1a4e41757ace0cde4b7d279aaff

General

Target

JaffaCakes118_5f26b1a4e41757ace0cde4b7d279aaff
Size

128KB
MD5

5f26b1a4e41757ace0cde4b7d279aaff
SHA1

fff906231d7b16d58d1818466adb3c2b89faa399
SHA256

4a3e1c8e4375c90725702226650cbcddc11cf376e3a9b17edaf3aa33e849a47f
SHA512

1f732f45e59de3703eebf3aac513ad40295ce7686422c00eaac5befbdd127007ef0010b923d3cd161e1791e8aff629355df7334e7d57f965a24cea1f41ba4c08
SSDEEP

3072:3Xq28uHvzJT1DQXNpvgPC4WaoCeOC4W9rD5zaQ6SZLmq8:3X18GvvQqCvlOC4WvzaIsT

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5f26b1a4e41757ace0cde4b7d279aaff

Files

JaffaCakes118_5f26b1a4e41757ace0cde4b7d279aaff
.exe windows:4 windows x86 arch:x86

b5de3cd40f425b84df1c0c9f3e44b5ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
GetSystemDirectoryA
ReadFile
SetFilePointer
GetModuleFileNameA
SetUnhandledExceptionFilter
Sleep
GetFileAttributesA
CreateMutexA
GetCommandLineA
CreateDirectoryA
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
GetLastError
SetLastError
lstrcmpiA
lstrcpyA
FindResourceA
LoadResource
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SizeofResource
WriteFile
lstrlenA
CloseHandle
FreeResource
SetFileAttributesA
ExitProcess
GetWindowsDirectoryA
lstrcatA
ReleaseMutex

user32

GetInputState
GetMessageA
wsprintfA
PostThreadMessageA

advapi32

CreateServiceA
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
StartServiceA
OpenServiceA
OpenSCManagerA

msvcrt

_XcptFilter
realloc
malloc
_except_handler3
strchr
strtok
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
strstr
??1type_info@@UAE@XZ
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5de3cd40f425b84df1c0c9f3e44b5ab

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 7KB - Virtual size: 7KB

.rsrc Size: 120KB - Virtual size: 119KB

.text
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 120KB - Virtual size: 119KB