gh0strat | 775484b4764973b22616504c8f7f1b6c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

775484b4764973b22616504c8f7f1b6c_JaffaCakes118
Size

114KB
MD5

775484b4764973b22616504c8f7f1b6c
SHA1

2d8306e17db09493f164b302e0efca60db60672c
SHA256

fbea382979459127e07b5d26636178c8cd0554ee72300a9742ee171d9797b233
SHA512

30cc0adff064f2cf59824672644e5403f3ddd4d9a6819d66959c5e66860505dc5dafae6b5d1a5f492a5d15ab02c196b8f12d306fa26ed1319d45c4cb75e7f4f0
SSDEEP

3072:MP2hr46q2ji1Q55ljbsavbRswhFUiI7LDbssI7LoimhI3CE:MP2hr/q2jignjTGwzjQDwsQVmhgN

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
775484b4764973b22616504c8f7f1b6c_JaffaCakes118

Files

775484b4764973b22616504c8f7f1b6c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b39ab4ac04aceb5380c9ce59efc1f922

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
SizeofResource
LockResource
LoadResource
FindResourceA
lstrcpyA
lstrlenA
SetLastError
GetLastError
lstrcatA
ExpandEnvironmentStringsA
CloseHandle
Process32Next
lstrcmpiA
Process32First
GetProcAddress
LoadLibraryA
ExitProcess
Sleep
GetCommandLineA
GetModuleFileNameA
GetCurrentProcess
DeleteFileA
CopyFileA
MoveFileExA
GetWindowsDirectoryA
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA

msvcrt

??3@YAXPAX@Z
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strstr
_except_handler3
__CxxFrameHandler
??2@YAPAXI@Z
fwrite
fclose
fopen

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ