gh0strat | 25e1300bc6d598a17d270763e170d928_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25e1300bc6d598a17d270763e170d928_JaffaCakes118
Size

112KB
MD5

25e1300bc6d598a17d270763e170d928
SHA1

a20c7ac73e6706425d6c6362ed24383ab09e111b
SHA256

ed071e91f481446782e497514387881702063a1cea405fa2e04090f5136b0954
SHA512

baf8b5efed30394482761f792f8c56f8b2ceb06cfb642d569256801a06adc4347c4d642cdaf69a5151049c2d1500b1e5ebaf48537443e52deb5384b817c50492
SSDEEP

1536:5CfHSV4SiPNn8YIaT624cKau2f9d0ub3+Nvf+mHv3JOK:YS2SiKYIb24Wug9d0g+lf+mHv3JO

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25e1300bc6d598a17d270763e170d928_JaffaCakes118

Files

25e1300bc6d598a17d270763e170d928_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BeginProc
EndProc
RunProc
ServiceMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ