gh0strat | 4290b17f383a7e494834159b7e9cf05b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4290b17f383a7e494834159b7e9cf05b_JaffaCakes118
Size

216KB
MD5

4290b17f383a7e494834159b7e9cf05b
SHA1

79f8c56d420b5ec59a229f6322d1bd845a00db32
SHA256

971fa65fa88e4da2757feb763c1982f85d86771bf63ee545d2ff36f763fcede9
SHA512

889b5b09bedf6a17b200b7819f39f09c46cc6fc3376d283d23ea8447d9269b03d0854203db1a3a18c5afd92517a05ed0650d0e8e6e19eff6136f93873ea09f8e
SSDEEP

6144:5zyyQWV5RMsHmoidEAaltdUKZ4GCWql6N09JxBd:Nyy1pH4Ja/bP3a68

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4290b17f383a7e494834159b7e9cf05b_JaffaCakes118

Files

4290b17f383a7e494834159b7e9cf05b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1187d103c02ae88d0329652b43df9cae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcAddress
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetLastError
lstrcatA
ExitProcess
FreeLibrary
LoadLibraryA
CreateFileA
LoadResource
SizeofResource
FindResourceA
SetFileAttributesA
FreeResource
SetFilePointer
LocalFileTimeToFileTime
GetTickCount
GetTempPathA
ReadFile
GetModuleFileNameA
lstrcpyA
lstrcmpiA
lstrcmpA
Sleep
MultiByteToWideChar
SetUnhandledExceptionFilter
GetLocalTime
ReleaseMutex
CreateMutexA
GetCommandLineA
GetCurrentThreadId
RaiseException
GetStartupInfoA
InterlockedExchange
LocalAlloc

shell32

ShellExecuteA

msvcrt

strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
sprintf
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
realloc
_except_handler3
malloc

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ