gh0strat | 63ec0c10c2a3df260260efe8f1addda4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63ec0c10c2a3df260260efe8f1addda4_JaffaCakes118
Size

890KB
MD5

63ec0c10c2a3df260260efe8f1addda4
SHA1

0f07919764d68966d4b08c0b40d407923dc6b07f
SHA256

0854ec7fc3dfcd2972719f7e7606ad99f0968d3c5624428cd7c1ee4fb8641937
SHA512

e200c7fa425a6a6ef4ead7a46fdfe4e7eb1f75580dbf6c8915de3de2350d77bf15b4642b9bd6112a69b0fb2254facbf0a88640f8ddb69b602d5b4b421b702099
SSDEEP

24576:mQKQVQQxfnr+TK7r79/JD71PRi4M5KCGso:gv4

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63ec0c10c2a3df260260efe8f1addda4_JaffaCakes118

Files

63ec0c10c2a3df260260efe8f1addda4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 412KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ