gh0strat | JaffaCakes118_4bab24683d8e2c3dbc110d95dbba018b | Triage

Sharing

General

Target

JaffaCakes118_4bab24683d8e2c3dbc110d95dbba018b
Size

3.3MB
MD5

4bab24683d8e2c3dbc110d95dbba018b
SHA1

31ae4ab89f11f32ef957a9d9f41071b08a4b9581
SHA256

f6ab391a71e9f3e4085f46397a5788813b25b1cd6892df413a15f7412d95a20f
SHA512

59a034239d67f78d33f7f2a69da0a88f1705aa838642be52f922f37c23299278fb3253eeddb1346d6d836ae07d2c36f5cc782f2d74b55f9692a86a8676cdde68
SSDEEP

12288:LmO8RtgcrJ8bT3e6J8bT3AO8DcrcJ8bT3:aOFcrJaT3e6JaT3AOIcrcJaT3

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4bab24683d8e2c3dbc110d95dbba018b

Files

JaffaCakes118_4bab24683d8e2c3dbc110d95dbba018b
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DavFreeUsedDiskSpace
DavGetDiskSpaceUsage
DavGetTheLockOwnerOfTheFile
DllCanUnloadNow
DllGetClassObject
DllMain
NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPFormatNetworkName
NPGetCaps
NPGetConnection
NPGetResourceInformation
NPGetResourceParent
NPGetUniversalName

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ