gh0strat | 40b94ce15a8d76d270fcae7fd14fddaa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40b94ce15a8d76d270fcae7fd14fddaa_JaffaCakes118
Size

153KB
MD5

40b94ce15a8d76d270fcae7fd14fddaa
SHA1

cb46907d419552f7c567df31063ea78a7cc55e44
SHA256

589da0157d4c68e504ed6abb351910707f61119f58977adf7317c707ef369494
SHA512

9a0f7e63495b872ca14c92dc39d7a7815a279dced0f8534cef6f54160087963fc56b470a50c7f0b970c3f36f65068c8bcecf62aab6ee82d76ba5965bda11e73a
SSDEEP

3072:xN5RRHMqc8LNEXlcxdJBAJ6da+il/A5G9rlav9q/oY/C7:x3RGKXrs59BkqDq7

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40b94ce15a8d76d270fcae7fd14fddaa_JaffaCakes118

Files

40b94ce15a8d76d270fcae7fd14fddaa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7ebe15c5f433bdbc0f6ba65218a5270a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
WinExec
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__getmainargs
__p__fmode
__set_app_type
_except_handler3
_controlfp
_acmdln
exit
_XcptFilter
_exit
srand
rand
sprintf
__p__commode

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc
.rsrc/BITMAP/103.bmp
.rsrc/MANIFEST/1
.xml
.rsrc/MENU/102
.rsrc/version.txt
.text