gh0strat | 957812d308c0a0c3ac4217b206a7dbfd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

957812d308c0a0c3ac4217b206a7dbfd_JaffaCakes118
Size

136KB
MD5

957812d308c0a0c3ac4217b206a7dbfd
SHA1

dccd976386d2cba03b4a34f6242e14745adc1ddd
SHA256

2b9f1cf8c86ef75795ddbfde2661db0e85a6d41ab718ee417140a56213137b67
SHA512

4ba3695d729f0f6e14da54a6377737fb235b00da078e9556d34cdaaad755d9c4939ffd5db1d61eab42d68b69dc1857e3cce5f6bad044f06df109ea65a2985796
SSDEEP

3072:VVbQYhHZ8IXcZmr/omF7qJng4/TDGxeiFa60LU+C:jQYhHZjXcZe/ooqJzyeiv0LUb

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
957812d308c0a0c3ac4217b206a7dbfd_JaffaCakes118

Files

957812d308c0a0c3ac4217b206a7dbfd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5a8cdda8290a20bb4307382a020c1180

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
ExitProcess
CloseHandle
lstrlenA
SizeofResource
SetFileTime
LoadResource
lstrcpyA
lstrcmpiA
SetLastError
GetLastError
lstrcatA
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
Process32First
CreateToolhelp32Snapshot
GetCurrentThreadId
Process32Next
GetModuleHandleA
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCommandLineA
SetFileAttributesA
CreateDirectoryA
GetSystemDirectoryA
Sleep
CreateThread
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA

msvcrt

malloc
__CxxFrameHandler
_CxxThrowException
_except_handler3
??3@YAXPAX@Z
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
realloc
strchr
??2@YAPAXI@Z
sprintf
strtok
_strrev

Sections

PAGE
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ