gh0strat | 66780fb05890bb6dd6b35309e329eb9d_JaffaCakes118 | Triage

Sharing

General

Target

66780fb05890bb6dd6b35309e329eb9d_JaffaCakes118
Size

208KB
MD5

66780fb05890bb6dd6b35309e329eb9d
SHA1

ea340304fa27ffb676649592f6d2fa73c7de7d05
SHA256

4cf5f8b57918479634c303c7a6e560ac7776305109f98d134020be491c1f6a0e
SHA512

02a3d36c9b77ad29d10db6de7a71db24d9124adf801b41d63913d7229930374b05a7d13a917324f2d1f01a07ee163bf5087c8959b23b8239602bb74a7d358945
SSDEEP

3072:ATeTY1Em5WBqwP3fs9Q/Xz7iastKyC/hX62xv37ntmefwA/:AiTViWB0CL7thJ57p37tY2

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66780fb05890bb6dd6b35309e329eb9d_JaffaCakes118

Files

66780fb05890bb6dd6b35309e329eb9d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jiao
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jia
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE