gh0strat | 858594ed482f6da2ae59062ae8860c23_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

858594ed482f6da2ae59062ae8860c23_JaffaCakes118
Size

112KB
MD5

858594ed482f6da2ae59062ae8860c23
SHA1

12a503755dc0d61c7da803fe841d60cc510424a5
SHA256

12ea6719795caa1e28722af9725cf9b17b6d68fef0f5cdf53137d9c9292ddb89
SHA512

9bc42b9cfa57f71420b17348956fe94c4a1ac6396e935a7751c19f9eb978a32490b77167a840ff57fcfc4bf83c8c66a3eb0cc2013f9a0e4753900fa5fbc71165
SSDEEP

3072:s93KG3A9AI2JhN82IugslpCvBV0qhK1A9VrzwJ:S9Qmdh+2IufOvjrhKW9V

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
858594ed482f6da2ae59062ae8860c23_JaffaCakes118

Files

858594ed482f6da2ae59062ae8860c23_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

InstallService
ServiceMain
VistaServiceMain
main
setuq

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.Katja
Size: 390B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE