gh0strat | a45d5e5e6081a5edc37a04a1659a3989_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a45d5e5e6081a5edc37a04a1659a3989_JaffaCakes118
Size

136KB
MD5

a45d5e5e6081a5edc37a04a1659a3989
SHA1

976061c91e00be1650a2e20b7e69516c36d90574
SHA256

f62c5944013b214f00201c189a5682f1fda7cc0c1531805274736b61851820cb
SHA512

ccb57c83259f48443f7c8597c3b8bab843d8093625ece08ae39ee76b449be9f65ee4bbf92c3e72d9c3d853ed67b609f2cbc730c6cfed9254ce8810ce37867f57
SSDEEP

3072:2GRwZSQpKa3VGVnpUlCz764/9xpEEBqbZuwB5iGHeqovvhV:2lJVGpxx9b3wZuwB4GHeqob

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a45d5e5e6081a5edc37a04a1659a3989_JaffaCakes118

Files

a45d5e5e6081a5edc37a04a1659a3989_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dat
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data
.rdata
.reloc
.rsrc/BITMAP/103.bmp
.rsrc/MANIFEST/1
.xml
.rsrc/MENU/102
.rsrc/version.txt
.text