gh0strat | 3e634673018a5f030364758dd18a6162_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e634673018a5f030364758dd18a6162_JaffaCakes118
Size

129KB
MD5

3e634673018a5f030364758dd18a6162
SHA1

8b8c816503d6d11711cbc5ba2e5206ebfd928b2e
SHA256

0a1114a1c915c3bec298f70c8df2400ea71a9e843c71c755ff54842da64cccb7
SHA512

fab2eeba71691914a94c3cf6bc435908e058484c8e4e5ac5d8f1e16422fe1c27375286fd5a5fcaf721fb4e177650e181f1f77c244c6d5d643b5bf158fa5bfa24
SSDEEP

3072:3IJBKIKdMtz6LlxO3uJsmcVNZ8KpsbcrhRHJ:3IJBKIKdKzMnhJ3yNZppsMB

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e634673018a5f030364758dd18a6162_JaffaCakes118

Files

3e634673018a5f030364758dd18a6162_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d365e51588efee1e81279b8856998616

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrcmpiA
FreeResource
WriteFile
SizeofResource
SetFileTime
SystemTimeToFileTime
LoadResource
lstrcpyA
ReadFile
GetModuleFileNameA
GetLastError
lstrcatA
GetSystemDirectoryA
GetCurrentThreadId
SetUnhandledExceptionFilter
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
SetFileAttributesA
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA

msvcrt

_except_handler3
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__CxxFrameHandler
strtok
malloc
??3@YAXPAX@Z
strchr
??2@YAPAXI@Z
realloc
_strrev

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ