gh0strat | 177a5068b197547325149a1660447e18_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

177a5068b197547325149a1660447e18_JaffaCakes118
Size

184KB
MD5

177a5068b197547325149a1660447e18
SHA1

e9fda430752c023d1fac47b90c0beeb4cafbb742
SHA256

62b498f60ec9918f4e51a9f5774aa7b2b193017542473b59d8075785720f3ccd
SHA512

f465e5e716f0074b4a7cd6c6f92d361d231dc9228532c8c6ab32ccdffad60636cd6ab57b0ef14eda5eb193e3c810ca0f0a75165057a9730a6515535ea62bee12
SSDEEP

3072:LXT6QTlxjLXCKDcMERjtJXVtEhKwtDE0cUyoUeqovoqNGhqng:LX3HyvjTXLiKwtDEtU0eqoeL

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
177a5068b197547325149a1660447e18_JaffaCakes118

Files

177a5068b197547325149a1660447e18_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1f3943b6e423d10b83dd43e75c79ba04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA

msvcrt

rand
srand
_exit
_XcptFilter
exit
_acmdln
__getmainargs
sprintf
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??2@YAPAXI@Z
_initterm

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE