gh0strat | a30349cc2fb007812495b5326d7d1548_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a30349cc2fb007812495b5326d7d1548_JaffaCakes118
Size

120KB
MD5

a30349cc2fb007812495b5326d7d1548
SHA1

ee776e30ad001f1941fb447d29aceb7f715ab10a
SHA256

c09e615cabc3a1d2978082728fa15f1e6a2985062098199fbf1707c5861ba411
SHA512

20499e136ce6680f1cd9e0b456d538e6416ff7b3fa201344a1093650335874b99ffb52db4ab700e3074533de8d02cfa555f571e0dc1e57fdfa69f80818ed8739
SSDEEP

3072:alK/2UT2loXguHvjTGygGucp0Yf/XXIVzG+xfMnJ:AK/PaCQsvjqEu89fvXKzGAc

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a30349cc2fb007812495b5326d7d1548_JaffaCakes118

Files

a30349cc2fb007812495b5326d7d1548_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

InstallService
ServiceMain
VistaServiceMain
main
setup

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ