gh0strat | e19e683311ca567c239729e87af22be6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e19e683311ca567c239729e87af22be6_JaffaCakes118
Size

94KB
MD5

e19e683311ca567c239729e87af22be6
SHA1

b8cdd1193df9569a49a4ee56bc4cfb7817f60b05
SHA256

44fc73a78ff2ca77c1036a68db951afc33233a0db1fc8a30d0b17bf323d3cb9d
SHA512

3fd0ba48cc2d11683376d7cb84adc83d4bfa511af5e73420046ad848b01412fdc67947b8a9a19e1865ee27dd376734afc64761d3e55f89f3d31e40e32c307cdc
SSDEEP

1536:pC/zRAh6596zxIGXuZ4pa/t+cHhnfhFehAetLXHetViJZzDu2T:p+ehKexIGXFY/t+chfhFe7tLutViJZzr

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e19e683311ca567c239729e87af22be6_JaffaCakes118

Files

e19e683311ca567c239729e87af22be6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b28bcd11dfdd654a01e73aab4a161afa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
CloseServiceHandle
StartServiceA
OpenServiceA
OpenSCManagerA
CreateServiceA
RegQueryValueExA

user32

wsprintfA

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strstr
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
_except_handler3
malloc
realloc
_controlfp

kernel32

GetStartupInfoA
SetLastError
lstrcpyA
GetTempPathA
GetTickCount
FindResourceA
LoadResource
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SizeofResource
WriteFile
FreeResource
MoveFileA
SetFileAttributesA
DeleteFileA
GetCommandLineA
CreateMutexA
GetLastError
ReleaseMutex
GetModuleHandleA
Sleep
GetWindowsDirectoryA
CloseHandle
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
ExitProcess
lstrlenA
CreateDirectoryA
GetFileAttributesA
lstrcatA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ