gh0strat | aad25678986d36b9fc176ecaa716adb2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aad25678986d36b9fc176ecaa716adb2_JaffaCakes118
Size

109KB
MD5

aad25678986d36b9fc176ecaa716adb2
SHA1

533a954bb25eec91b269f10636733529d0bf5fff
SHA256

7777a96c4236691de23a4d27f867a385de439d59e3086b5829110b6a0d81cb07
SHA512

85075d8226e86efa9ddbf5da045f386af3fe26309a689eea3af1e33d9dc87d0cf70e572bea6d7258a068beb7fe3168fd0a2e8bcc175336394b329cb3d665170e
SSDEEP

1536:cCfHSV4SiJln8YIaTW24cKau2f9d0jw3+NvI+mHZSYpb:rS2SikYIX24Wug9d0o+lI+mHZSYpb

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aad25678986d36b9fc176ecaa716adb2_JaffaCakes118

Files

aad25678986d36b9fc176ecaa716adb2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BeginProc
EndProc
RunProc
ServiceMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ