gh0strat | JaffaCakes118_632e334cdf2bf8af293ae815ab92739b

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_632e334cdf2bf8af293ae815ab92739b
Size

387KB
MD5

632e334cdf2bf8af293ae815ab92739b
SHA1

acb86e09d4b829903460890c5464187087ea8b0b
SHA256

2ad9158380d361406f472e19be5387920f147288951022145bd0999d9ae183b3
SHA512

fab8e42771a483e7722fae4ec0cd256192cd7613e11fd52a49d741379e6e2b1e26b468393f1d68bf853b442fca260327171b94985d0054858ef8970eeeaab488
SSDEEP

12288:e2bGl7HnLFagg+anw7RxEQxEX60CPwAlto:5bGl7HLng3nARiQx460C4Kt

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_632e334cdf2bf8af293ae815ab92739b

Files

JaffaCakes118_632e334cdf2bf8af293ae815ab92739b
.exe windows:4 windows x86 arch:x86

ce467c39c24abb29b7c0d7a11e795dbe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetFileSize
GetFileTime
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
FileTimeToLocalFileTime
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetDriveTypeA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToSystemTime
GetProcessVersion
FreeLibrary
FindResourceA
SizeofResource
GetProfileStringA
LoadResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetCurrentDirectoryA
lstrcatA
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
lstrlenA
MultiByteToWideChar
LoadLibraryA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetProcAddress
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
FindNextFileA
lstrcpyA
FindFirstFileA
GetLastError
SetLastError
FindClose
CloseHandle
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetVersion
GetModuleFileNameA
GetTempPathA
CreateProcessA
WaitForSingleObject
DeleteFileA
GetModuleHandleA
GetStdHandle

user32

GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
GetSysColorBrush
LoadStringA
DestroyMenu
InvalidateRect
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetWindowTextLengthA
SetForegroundWindow
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GetMenuItemCount
UnhookWindowsHookEx
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
ScreenToClient
ClientToScreen
LoadCursorA
GetCapture
GetSystemMetrics
CharUpperA
wsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PostMessageA
PostQuitMessage
SendMessageA
UnregisterClassA
HideCaret
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
IsWindowUnicode
CharNextA
InflateRect
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
GetWindowTextA

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
IntersectClipRect
SetBkMode
GetDeviceCaps
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateDIBitmap
PatBlt
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce467c39c24abb29b7c0d7a11e795dbe

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 12KB - Virtual size: 9KB