gh0strat | 269c525fb5f4a67baef8afbed09094d9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

269c525fb5f4a67baef8afbed09094d9_JaffaCakes118
Size

14KB
MD5

269c525fb5f4a67baef8afbed09094d9
SHA1

2322b40a17f95ed4db8c54a5db18c6c51f35b44e
SHA256

03c4a458b1564014f5df2367635416d50997e64bb302f3cbfd8fc4e86564f079
SHA512

7840712dd2bf90914fe69eb1160e27754295d2b555a6b1f1672f34b7b6379a44990d2f664caaa21d727b5c21d7136cc65007b22c1e879668d5a2ccd3062d1518
SSDEEP

384:xALaygsCXhgB/H1vzlvZW1YgpoE9Qm7w758f:KLLgsemB/VvjW1ZQk8k

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
269c525fb5f4a67baef8afbed09094d9_JaffaCakes118

Files

269c525fb5f4a67baef8afbed09094d9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fb5854ecdd665289a6b64a02f74b99d3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetEnvironmentVariableA
GetCommandLineA
CreateMutexA
GetLastError
ReleaseMutex
Sleep
GetModuleFileNameA
MoveFileExA
SetLastError
lstrcmpiA
lstrlenA
FindResourceA
LoadResource
CreateFileA
SizeofResource
WriteFile
CloseHandle
FreeResource
lstrcatA
GetModuleHandleA

advapi32

RegQueryValueExA
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey

msvcrt

realloc
malloc
_except_handler3
strchr
sprintf
strstr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_stricmp

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ