gh0strat | bf12432ba4077790121cc7d472846496_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf12432ba4077790121cc7d472846496_JaffaCakes118
Size

153KB
MD5

bf12432ba4077790121cc7d472846496
SHA1

27758ceb4b1e967867e51d2bb8271b11c6796f0a
SHA256

0adcde88ec7e34de857bce8a4847a788e80d111ba8873e10957120208f740895
SHA512

62ebc406e697d928797d8497ff36b058263405fe9013e59640370950a11fc57ce16e3052b928fd63f6e658b04fa5882b38f7a879302d028cf9f656e008cb1417
SSDEEP

3072:JJevJuTj9jxXCtte4FO6l4J0cyoDm8PZkBFP:Jcvkutt8CiioSKkB

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf12432ba4077790121cc7d472846496_JaffaCakes118

Files

bf12432ba4077790121cc7d472846496_JaffaCakes118
.exe windows:4 windows x86 arch:x86

baf3784d9658c0d2cf84c6d520f1d91c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
FreeResource
Sleep
WriteFile
CreateFileA
DeleteFileA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleFileNameA
WaitForSingleObject
CreateEventA
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetTickCount
WinExec
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_exit
srand
rand
sprintf
_XcptFilter

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ