gh0strat | 43e2074d63128dce56361d07d4de0bd7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43e2074d63128dce56361d07d4de0bd7_JaffaCakes118
Size

112KB
MD5

43e2074d63128dce56361d07d4de0bd7
SHA1

27a4728c61804736b2e71b798571d63c4c06bb96
SHA256

3c80ee0e3ff40a27378a26fb763341fb08b02d7a426966010e9c7288052e8d1c
SHA512

60c2b19200fe60beab95d763c70aaf4c11fa786d8c01d091db7146a70d92ea94095671d4870fe01463375dd1f7c6bdbbf8dd6591967ea06c614187f6e91a4383
SSDEEP

3072:A93KG3A9AI2Jht82I3gslpCvBV0Z+K1A9n8blJ:+9Qmdhe2I3fOvjc+KW9n

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43e2074d63128dce56361d07d4de0bd7_JaffaCakes118

Files

43e2074d63128dce56361d07d4de0bd7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

InstallService
ServiceMain
VistaServiceMain
main
setuq

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.Katja
Size: 390B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE