gh0strat | 2982a5fc2008037927e88f8d0a35b915_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2982a5fc2008037927e88f8d0a35b915_JaffaCakes118
Size

113KB
MD5

2982a5fc2008037927e88f8d0a35b915
SHA1

ddb4546cfac483fc7352669d214f13daf4f16d83
SHA256

01538cdfacd7b8ee673a50820fca7b75672a85f427e5d0965b0a133746c16903
SHA512

a5d480c9eae24d5b4fd03219d2eb57b615fdc2b3831bc5cd0153b2480a3c710956524aa6ff8f5e78fde7a3c67dbf0452636633458ef75b66987042002faf2d15
SSDEEP

3072:QVlArWxmiN4Q0jfFCk7Tgx0aq6esNSgHtcq6J6D:QVlArg7N4QIBT0BesNSktcvMD

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2982a5fc2008037927e88f8d0a35b915_JaffaCakes118

Files

2982a5fc2008037927e88f8d0a35b915_JaffaCakes118
.exe windows:4 windows x86 arch:x86

72bb5ae6ceac6330b0c2f2342ff39a24

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
SizeofResource
LockResource
LoadResource
FindResourceA
lstrcmpiA
SetLastError
ExpandEnvironmentStringsA
SetUnhandledExceptionFilter
GetCommandLineA
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary

msvcrt

fclose
fwrite
fopen
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
strstr
??3@YAXPAX@Z
??1type_info@@UAE@XZ
time
_except_handler3
strchr

Sections

.CRT
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fer
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ