gh0strat | 84c21b375631e5fa7aa0f46d6bf8b539_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

84c21b375631e5fa7aa0f46d6bf8b539_JaffaCakes118
Size

153KB
MD5

84c21b375631e5fa7aa0f46d6bf8b539
SHA1

19193074131c61e993e5e0893820f687c740258b
SHA256

064b8ae88acf7ccd2023180a17b58ec12d42522fd25f3b330fa4de411f2bc38e
SHA512

e175b445eba372ba0f8c36d51af283308fadcdc30cbffc938b0e5138e9f251b47d96a9573768e969f84ffd3d22a77c238073880fd2a48c99a0bf996ad5c115ca
SSDEEP

3072:vj+RRHMqc8LNEXlcxdJBAJ6da+ORPsRG9rlav9qxDYn:viRGKXrcV9Bkq6

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84c21b375631e5fa7aa0f46d6bf8b539_JaffaCakes118

Files

84c21b375631e5fa7aa0f46d6bf8b539_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7ebe15c5f433bdbc0f6ba65218a5270a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
WinExec
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__getmainargs
__p__fmode
__set_app_type
_except_handler3
_controlfp
_acmdln
exit
_XcptFilter
_exit
srand
rand
sprintf
__p__commode

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc
.rsrc/BITMAP/103.bmp
.rsrc/MANIFEST/1
.xml
.rsrc/MENU/102
.rsrc/version.txt
.text