gh0strat | 2f5d4d62903dbc82998efeb48891e32f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f5d4d62903dbc82998efeb48891e32f_JaffaCakes118
Size

155KB
MD5

2f5d4d62903dbc82998efeb48891e32f
SHA1

b7bbbf9fc440b47a775e295746595e1ecd8a1d0f
SHA256

c05828c765dfcd7559fc1a4a4ed3f73ef333f1faca1d49d93ca7bef854197b00
SHA512

fa9a24dc227e34755e2cf0d58b8912d990a6814a168dcc1be2562e4311839ea67b3da261dcf38db612acc0c41f10e2186f68cfe515787e2c07d2122a81e0a86d
SSDEEP

3072:QgPG7VpZcdzYdGvuncvRkPmnrAaxks0CS1kM:Q4GVyYAbDnsMksSS

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f5d4d62903dbc82998efeb48891e32f_JaffaCakes118

Files

2f5d4d62903dbc82998efeb48891e32f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6aa398c66b32afc5697797765faf3e39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__getmainargs
__set_app_type
_except_handler3
_controlfp
_acmdln
exit
_XcptFilter
_exit
srand
rand
sprintf
__p__fmode

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc
.rsrc/BITMAP/103.bmp
.rsrc/MANIFEST/1
.xml
.rsrc/MENU/102
.rsrc/version.txt
.text