gh0strat | 9650860d1f2ad5431fd913f95fb668b2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9650860d1f2ad5431fd913f95fb668b2_JaffaCakes118
Size

188KB
MD5

9650860d1f2ad5431fd913f95fb668b2
SHA1

d56906b8794fa91d4fc3ebd9c597cc08f1b3a4da
SHA256

188237d15fbb558436608283695a1d46e167ac49d8ea0c33ccf8a3efa5674784
SHA512

c9ab452f219da8876f3fae598094c1455bc4a171fa4be24d952bc9eb2842449e7357a59a46906e1da9f4137ead2a9222a7bfb191656588b19ab13b88f6deac11
SSDEEP

3072:E+L2FacyBp9f7tPdGYnNnVzamxH/tiZ+1cfk4Two6rYGPeqovZPR:/JL99fnV7Ztmffk6woKYeeqoxPR

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9650860d1f2ad5431fd913f95fb668b2_JaffaCakes118

Files

9650860d1f2ad5431fd913f95fb668b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ESV
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data
.rdata
.reloc
.rsrc/BITMAP/103.bmp
.rsrc/MANIFEST/1
.xml
.rsrc/MENU/102
.rsrc/version.txt
.text