gh0strat | fa0c957a174c88e952061b6b5cb67255_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa0c957a174c88e952061b6b5cb67255_JaffaCakes118
Size

104KB
MD5

fa0c957a174c88e952061b6b5cb67255
SHA1

7f296ab8a52c5036bc9a3fe4309a3a7bfa7b97a4
SHA256

226a71cff200b6654c318eaf2ee3254aa2bdfe0b1375dd051c1975e653d08ab5
SHA512

0ce8baa40396d3d50d2ba71b39b84ee68ee79fbbfa8fee2903e6026565065a0e0991e830c6d59df7b2a38b5b33786154c44a56033fa42774635cd77f9f7c7f7d
SSDEEP

3072:CAGmPCB92imiFaITuH9tHAbTjdLxnk75wXw:CAqLm+UJmndLxnkNwXw

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa0c957a174c88e952061b6b5cb67255_JaffaCakes118

Files

fa0c957a174c88e952061b6b5cb67255_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2d45d747091e0ff1ed11f4845cb998e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
lstrcmpiA
GetProcAddress
LoadLibraryA
FreeResource
Sleep
WriteFile
CreateFileA
DeleteFileA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleFileNameA
WaitForSingleObject
GetTickCount
CreateEventA
WinExec
GetWindowsDirectoryA
GetModuleHandleA
GetStartupInfoA
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary

msvcrt

__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
exit

Sections

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ