gh0strat | 626ff339f02aa1c0a5db237ad2671ae7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

626ff339f02aa1c0a5db237ad2671ae7_JaffaCakes118
Size

668KB
MD5

626ff339f02aa1c0a5db237ad2671ae7
SHA1

fe24ec8c256554b68ca605d4aa53d32bc9d8dc44
SHA256

1eb7500507477a158212ffa574e343d944a4d10446c48b1cf941f66ab73cdb13
SHA512

e8f39036fb75567a840f6340cd1978d55549b800b7cf2f47f5950c9088e3c3c6dba6bb792639b8ebaf2e68205d46f935856ff495f6fa639b40539aec777921e3
SSDEEP

3072:p7dweF4oSy13hPZ9MQNTSPIciDC8VcxXTBftLKnZJ9OX3GNRrBibcD2g:/wSfSoZ9MaT1cLpxXTBl2nBHkcD2g

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
626ff339f02aa1c0a5db237ad2671ae7_JaffaCakes118

Files

626ff339f02aa1c0a5db237ad2671ae7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

D3DRMColorGetAlpha
D3DRMColorGetBlue
D3DRMColorGetGreen
D3DRMColorGetRed
D3DRMCreateColorRGB
D3DRMCreateColorRGBA
D3DRMMatrixFromQuaternion
D3DRMQuaternionFromRotation
D3DRMQuaternionMultiply
D3DRMQuaternionSlerp
D3DRMVectorAdd
D3DRMVectorCrossProduct
D3DRMVectorDotProduct
D3DRMVectorModulus
D3DRMVectorNormalize
D3DRMVectorRandom
D3DRMVectorReflect
D3DRMVectorRotate
D3DRMVectorScale
D3DRMVectorSubtract
Direct3DRMCreate

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ