gh0strat | 03f59ed302200a6870399a42e4b35484_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03f59ed302200a6870399a42e4b35484_JaffaCakes118
Size

122KB
MD5

03f59ed302200a6870399a42e4b35484
SHA1

b64787037de2d2a41c66439298a63e1ee0d2e4ea
SHA256

151ec6aa1db27930e8e50855f80eda1fe7390febfd3f4195c0f2951ba134c59b
SHA512

84e750f51689f5e0dff9c84458da1e7f4b3641ac10bfae449737d78bfc8436d88fcdcc7899c7c9f67046fd1ff44a03667d6c627be32c5a0aff1a3c1d5535677f
SSDEEP

3072:8ohlH/yQ0F8P8vWGveBYDNFQ2dO8vHtQZkpLm/J4PEdOy:thJyQ0CP8WGvGs82c4HtOkpLi4e

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03f59ed302200a6870399a42e4b35484_JaffaCakes118

Files

03f59ed302200a6870399a42e4b35484_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b571a808a90c956ff0b3ded2f637645d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcAddress
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetLastError
lstrcatA
CloseHandle
CreateFileA
GetModuleFileNameA
ExitProcess
DeleteFileA
SetFileAttributesA
MoveFileA
FreeResource
lstrlenA
WriteFile
SizeofResource
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
LoadResource
FindResourceA
GetTickCount
GetTempPathA
FreeLibrary
LoadLibraryA
ReadFile
SetFilePointer
lstrcmpiA
SetLastError
lstrcpyA
GetFileAttributesA
lstrcmpA
Sleep
GetWindowsDirectoryA
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
ReleaseMutex
WinExec
CreateMutexA
GetCommandLineA
GetCurrentThreadId
GetStartupInfoA
RaiseException
InterlockedExchange
LocalAlloc

msvcrt

__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strchr
malloc
realloc
_except_handler3

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ