gh0strat | 4764c336e085b59b3a3e5c24e8a147ec_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4764c336e085b59b3a3e5c24e8a147ec_JaffaCakes118
Size

153KB
MD5

4764c336e085b59b3a3e5c24e8a147ec
SHA1

42f5377707fd31a847effe353c7b665ac4ba8e8a
SHA256

02f1fa2237400cabd5f1d279d85e9eed573d6f3482c8e3bc4ebf16c0942240d7
SHA512

02a211d24e41407dd7da39506a4756a7d5ca337f980e58c131a93893a6908cffa6fa31ee8d0fa6c555ee28405d49c28615a17deb31dc3a394d69e1881776787a
SSDEEP

3072:2xhRRHMqc8LNEXlcxdJBAJ6da+il/A5G9rlav9qpIYy:2/RGKXrs59Bkqx

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4764c336e085b59b3a3e5c24e8a147ec_JaffaCakes118

Files

4764c336e085b59b3a3e5c24e8a147ec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7ebe15c5f433bdbc0f6ba65218a5270a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
WinExec
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__getmainargs
__p__fmode
__set_app_type
_except_handler3
_controlfp
_acmdln
exit
_XcptFilter
_exit
srand
rand
sprintf
__p__commode

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc
.rsrc/BITMAP/103.bmp
.rsrc/MANIFEST/1
.xml
.rsrc/MENU/102
.rsrc/version.txt
.text