gh0strat | 354dc1d9896899f05462d838cc8c004f_JaffaCakes118 | Triage

Sharing

General

Target

354dc1d9896899f05462d838cc8c004f_JaffaCakes118
Size

101KB
MD5

354dc1d9896899f05462d838cc8c004f
SHA1

687cea757d67ab4bbc7e23f65e0fc6aae033f80a
SHA256

688c9e66a156c8120e0f41af1b2dee0e7b01919c3f1d9a1023511751e3192774
SHA512

c26616a48cd0f8f16ce228a989a1fd19756bb5de5ef3a465947422dd445b2bfd7e020d547b1802c331b54c413c302bc60e5d4e3249a44d061b5c7f106131686a
SSDEEP

3072:Z0OTzKz+Ryk0oftTcdqPObSwUEy8bEu2C55:Keez+EsTkMOBUEHN2C3

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
354dc1d9896899f05462d838cc8c004f_JaffaCakes118

Files

354dc1d9896899f05462d838cc8c004f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ServiceMain
YinXiangOK

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.great
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE