gh0strat | 009a45a2623e3a595043ec47eb06aa95_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

009a45a2623e3a595043ec47eb06aa95_JaffaCakes118
Size

103KB
MD5

009a45a2623e3a595043ec47eb06aa95
SHA1

30f61e4c8c5a88312e4d02550b94de99ec9bc5f7
SHA256

596ec3a0a55e0da71a4f185c979eb1b528f493cdd447a5d08b888d99db73b9bb
SHA512

d2530f49a1905dc1183fa67f3d27d8b91c13c1b3e1d78c9d61d32148ff62d671a26b036be8a4390d01a81ee260458f18b78b5daf2dea2ac9da8b7bbf52a47f46
SSDEEP

1536:THFhnmuXwALxhd7lilGvbcnH6fB18we+VksDWVgZn92cdlC2:LFp3LxhLiEvboH8B18sVksDWVgX2cdlr

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
009a45a2623e3a595043ec47eb06aa95_JaffaCakes118

Files

009a45a2623e3a595043ec47eb06aa95_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ResetSSDT
ServiceMain

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.MaskPE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

wjyl1
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE