gh0strat | d155e90490077a82334657f0fa9ce1c0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d155e90490077a82334657f0fa9ce1c0_JaffaCakes118
Size

148KB
MD5

d155e90490077a82334657f0fa9ce1c0
SHA1

93a2b80280f55661fbbc5264baca019cea2be3e8
SHA256

8f47a356119b2501b4eac24ea4f8643cd6b8af0b0039bd628de797e3b828bead
SHA512

a1549f8b58f12720359cefc600f18728f470f31f22c7e47e2ad47b3d7339f5cab2f586a8ca47c148b492bc91fd1a2807638be46a6587a7b1e5412943a0903d02
SSDEEP

3072:0B2NqOaKEnDxeo84kaVZ+Z8DnwRD8JJJ:0B2erEarc8DnwRD8Jv

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d155e90490077a82334657f0fa9ce1c0_JaffaCakes118

Files

d155e90490077a82334657f0fa9ce1c0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e260ac67ec19929528c8a1675f0d55ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetModuleHandleA
GetStartupInfoA

msvcrt

rand
srand
_exit
_XcptFilter
exit
_acmdln
__getmainargs
sprintf
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??2@YAPAXI@Z
_initterm

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.debug0
.rdata
.reloc
.rsrc/BITMAP/103.bmp
.rsrc/MANIFEST/1
.xml
.rsrc/MENU/102
.text