gh0strat | a7088486a1deae74073fa3a44b23430d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a7088486a1deae74073fa3a44b23430d_JaffaCakes118
Size

169KB
MD5

a7088486a1deae74073fa3a44b23430d
SHA1

43b5386655520681b3a49971f40701c54aa203b9
SHA256

a5a1e1fb1a1dbe77107a4ea8e17f9c432d89cdb851b46d23732fc4daec6c1b79
SHA512

f5af897bab0d36ec90e9cce154005925c39d36359a47618dc35761b4f8b68c9dd41d5d0ce666e954a0bbbaf58b7407f05194c39405303a6675f00d3500a9b21c
SSDEEP

3072:JUpjPApXTGegp6rBor10oPvnMBWx9aeEffgHAOOxciNoci/SXcBKqBK:JUpAYdxxsbgH0poj/SMBNB

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7088486a1deae74073fa3a44b23430d_JaffaCakes118

Files

a7088486a1deae74073fa3a44b23430d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a955d6cab71352445b68fcdf2160299b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrcmpiA
CreateToolhelp32Snapshot
GetTickCount
DeleteFileA
MoveFileA
CloseHandle
lstrcpyA
lstrlenA
CreateFileA
GetTempPathA
GetModuleFileNameA
Sleep
ExitProcess
GetCurrentThreadId
MoveFileExA
WritePrivateProfileStringA
SetFilePointer
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA

msvcrt

_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_exit
rand
??2@YAPAXI@Z
_except_handler3
_strcmpi

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ