gh0strat | 26dd585746eeb958f97f83512656ea23_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26dd585746eeb958f97f83512656ea23_JaffaCakes118
Size

160KB
MD5

26dd585746eeb958f97f83512656ea23
SHA1

ccaeb297b467f70454d63c8bab03032f850c7d91
SHA256

7b1da046c82b4976d8dfd2444609b1d978ffbbd924fdead81fe5bf886f33deb9
SHA512

1ad4d82bc29efb6573d909da7c68f653c70842dc9c5b22106948992cdda9846218735cc2b4d1808249889b70b0662247f0f6f163a9d12be3310afc16edeb0987
SSDEEP

3072:1qtx5NYjgsakxdM4hxGQjlrGTbDkSpaQ48TBftzP96n2P:8NajbHxdMoGQBcaQVTBlzF6n

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26dd585746eeb958f97f83512656ea23_JaffaCakes118

Files

26dd585746eeb958f97f83512656ea23_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CComPlusComponent@@QAE@ABV0@@Z
??0CComPlusInterface@@QAE@ABV0@@Z
??0CComPlusMethod@@QAE@ABV0@@Z
??0CComPlusObject@@QAE@ABV0@@Z
??1CComPlusComponent
??1CComPlusInterface@@UAE@XZ
??4CComPlusComponent@@QAEAAV0@ABV0@@Z
??4CComPlusInterface@@QAEAAV0@ABV0@@Z
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
??4CComPlusObject
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
??_7CComPlusComponent@@6B@
??_7CComPlusInterface@@6B@
??_7CComPlusMethod@@6B@
??_7CComPlusObject@@6B@
?GetITypeLib@CComPlusTypelib@@QAEPAUITypeLib@@XZ
CGMIsAdministrator
COMPlusUninstallActionW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FindAssemblyModulesW
ManagedRequestW
QueryUserDllW
RegDBBackup
RegDBRestore
RunMTSToCom
StartMTSTOCOM
SysprepComplus

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ