gh0strat | 20c882b48bb81e56892e693bee2977c2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20c882b48bb81e56892e693bee2977c2_JaffaCakes118
Size

164KB
MD5

20c882b48bb81e56892e693bee2977c2
SHA1

af93cfd239479b98e093effbd16e82ebfc2ea949
SHA256

8a702a547d78e92b47f2bd8fdde23570dfdbe3902eaa14d1af74fb37e1b88e36
SHA512

6c25d2852465c6880d9a4d319e69e0b62993088c6bc76fd0cc062089bc120ba8da1e42611692dc683330f67f7f95600d059d7a72b8b196885843f7e745e4d61a
SSDEEP

3072:DeT6QTlxjLXCKDcMERjtJXVtEhKwtDP0cUyrPeqov:De3HyvjTXLiKwtDPtUOeqo

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20c882b48bb81e56892e693bee2977c2_JaffaCakes118

Files

20c882b48bb81e56892e693bee2977c2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1f3943b6e423d10b83dd43e75c79ba04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA

msvcrt

rand
srand
_exit
_XcptFilter
exit
_acmdln
__getmainargs
sprintf
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??2@YAPAXI@Z
_initterm

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.debug0
.rdata
.reloc
.rsrc/BITMAP/103.bmp
.rsrc/MANIFEST/1
.xml
.rsrc/MENU/102
.rsrc/version.txt
.text