gh0strat | 37dde788254fd954d79a26a9ca2f9db2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37dde788254fd954d79a26a9ca2f9db2_JaffaCakes118
Size

213KB
MD5

37dde788254fd954d79a26a9ca2f9db2
SHA1

0cd18c9c76f58676e507754585bbdf99acd415d5
SHA256

baf9940a84157de47da2c030bca48a7bf440c34de7445c0bacec1887a8b7c571
SHA512

d72b654c18abc07935f40128cb2382fccbac0da0c39bd4466509f99f20e528ef61f98c4dd28435cab5f0ce5d572b554eae26f5977c4a6982178968c3dc84e3a1
SSDEEP

6144:H/Sy3JueTk1OwoWOQ3dwaWB28edeP/deUv80P80Ap8:H/SyZuLFoZQGpnedeP/deUe1p

Score

10^/10

aspackv2 gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
sample	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37dde788254fd954d79a26a9ca2f9db2_JaffaCakes118

Files

37dde788254fd954d79a26a9ca2f9db2_JaffaCakes118
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE