gh0strat | 3931d535d1d7e75b1db8363c8a1fbda2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3931d535d1d7e75b1db8363c8a1fbda2_JaffaCakes118
Size

236KB
MD5

3931d535d1d7e75b1db8363c8a1fbda2
SHA1

89567ec5ca385105bad13e2a09adf5063691ab71
SHA256

8c2bf49ba9e6a218b80d1bdcf20336263255abfd887e9769671b02b0b708668f
SHA512

962cdb7e35e5c908f84769cb14f7a564f452f6b62e8716023aeab81fd2721a135e3ac8ae5fd46bd86e4ba8ff9bbb9017f5d5c765571306cfc85d6ada427d9f2c
SSDEEP

3072:IPHzqtu0IPeqovhA58gMreQNihzFEnitlffRo+8uRJUZZWFIYzSf+eqo9a:qP0Ieqo5bN2l3f6KgZZY+Geqo

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3931d535d1d7e75b1db8363c8a1fbda2_JaffaCakes118

Files

3931d535d1d7e75b1db8363c8a1fbda2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4a1163d4ab434a1b04aa9d907e151cd9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleFileNameA
SetFilePointer
GetTickCount
WriteFile
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
GetLastError
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
CloseHandle

user32

wsprintfA
GetMessageA
PostThreadMessageA
GetInputState

ole32

CoCreateGuid
CoInitialize
CoUninitialize

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ