gh0strat | 0dcdbbbc7130c9a0da0599efcd057c96_JaffaCakes118 | Triage

Sharing

General

Target

0dcdbbbc7130c9a0da0599efcd057c96_JaffaCakes118
Size

128KB
MD5

0dcdbbbc7130c9a0da0599efcd057c96
SHA1

ee1763a84b55d8558363a2011af0c26fc175aba6
SHA256

caf892c038fc7b3e63064b3a2407b48086f63bc393c53e0b477e8a1a409daa48
SHA512

db184fb113b1a8b546d334b7e65a2faf0b9ccec5f830acc44159c79419b63a292dc682bf421cc7d9b813670e0ab15e39cd08bda6ab7f180cbd13d39e8e3f385a
SSDEEP

3072:ZMXS65kEYMAwY3sKevb4FLDcJ6YIC6pZdrvDsraHr:ZMXS65kEJjrkFnbB3pZFDp

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dcdbbbc7130c9a0da0599efcd057c96_JaffaCakes118

Files

0dcdbbbc7130c9a0da0599efcd057c96_JaffaCakes118
.exe windows:4 windows x86 arch:x86

70b9ca850ff89a82c89127996f5086e0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
ExitProcess
lstrcmpiA
Process32Next
FreeResource
lstrlenA
WriteFile
SizeofResource
SetFileTime
SystemTimeToFileTime
LoadResource
lstrcpyA
SetLastError
GetLastError
lstrcatA
GetSystemDirectoryA
ReadFile
SetFilePointer
GetModuleFileNameA
HeapFree
HeapAlloc
GetProcessHeap
GetModuleHandleA
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCommandLineA
SetFileAttributesA
Sleep
CreateThread
GetCurrentThreadId
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA

msvcrt

??3@YAXPAX@Z
_except_handler3
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strrev
_strcmpi
malloc
realloc
__CxxFrameHandler
strchr
??2@YAPAXI@Z
strtok

iphlpapi

AddIPAddress
GetInterfaceInfo

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ