gh0strat | ef8239fd11e46f59d44974b269cce12a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef8239fd11e46f59d44974b269cce12a_JaffaCakes118
Size

336KB
MD5

ef8239fd11e46f59d44974b269cce12a
SHA1

5d1a29666b3ae33415227de0b63432d32b257937
SHA256

636ea10671d2e37c9e3a43694c911d588e7eb31ed4db12166c0dd7d9e0dcb2ae
SHA512

7ab0712b7d6c0aec11099171b75e2c787bc80f343772255d51f274e944ec33db0abf1b4c31563ffa8e05062001b1f1a6db7d9842fa35b62ed49d30241eaf8faa
SSDEEP

6144:RiTtiWB0wL7teJ5Gp3CSnf4G7v4G7AWFvW:UXB0wderGNXZJAZ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef8239fd11e46f59d44974b269cce12a_JaffaCakes118

Files

ef8239fd11e46f59d44974b269cce12a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mutou
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mutou
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE