gh0strat | d5d816c3d7a57539055ececb44cdf766_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5d816c3d7a57539055ececb44cdf766_JaffaCakes118
Size

148KB
MD5

d5d816c3d7a57539055ececb44cdf766
SHA1

15bf4bb96c359ab43f718dea5a6a31f04ec1d4ca
SHA256

7a23f1718b1e986799405729727f63c87368e375e0f656f79bf28ffe38cc4646
SHA512

184ce01c1542eb04f3842548727f1e36661dd18011732b308f9c6fc98897e420c818e45ea2ca4f659d114e24c3b8de450ded3e1a844ea81e9bf225b1ffc81cec
SSDEEP

3072:aXmMCT2oY9u49rqqXd6q+FywKLU/wIksykTBft3DpndMes:lMCyf9uqqqN0ULUI5sykTBl3DpmB

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5d816c3d7a57539055ececb44cdf766_JaffaCakes118

Files

d5d816c3d7a57539055ececb44cdf766_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DeleteExtractedFiles
DllGetVersion
Extract
FCIAddFile
FCICreate
FCIDestroy
FCIFlushCabinet
FCIFlushFolder
FDICopy
FDICreate
FDIDestroy
FDIIsCabinet

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ