gh0strat | JaffaCakes118_3c34f9268d9a5273ea57e0be475fc0d2

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_3c34f9268d9a5273ea57e0be475fc0d2
Size

95KB
MD5

3c34f9268d9a5273ea57e0be475fc0d2
SHA1

0bf6f6ec4ee5d34d2b4f66c5b17b82a015eb0f89
SHA256

79d8ba7dba1f454bbe62987f7860e0af66af5554329a090712dbc38682818420
SHA512

b1dd54c6c97716c054400125a0403f2e6cc4fddc1ae36edbdc066be757637be738fa10f70cfdaafd4151d83b961db0e118e7c1f57a0317083adb984f6f7a2fcf
SSDEEP

1536:CwYB2KGCTNdOKX0rQ35wOX51cjZIXcSyqf9KcZkwf5PBeuZNRN:CwbCJMKLwOX51c1IXpys9Kcpf5PBeuZt

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3c34f9268d9a5273ea57e0be475fc0d2

Files

JaffaCakes118_3c34f9268d9a5273ea57e0be475fc0d2
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ServiceMain
aaaa
bbbb

Sections

TEST44
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEST22
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEST11
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEST00
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEST1
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEST2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEST3
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEST4
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEST5
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEST6
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEST7
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEST8
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEST9
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEST0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

TEST44 Size: 3KB - Virtual size: 3KB

TEST22 Size: 6KB - Virtual size: 5KB

TEST11 Size: 1KB - Virtual size: 1KB

TEST00 Size: 1KB - Virtual size: 1KB

TEST1 Size: 512B - Virtual size: 288B

TEST2 Size: 2KB - Virtual size: 1KB

TEST3 Size: 3KB - Virtual size: 2KB

TEST4 Size: 3KB - Virtual size: 2KB

TEST5 Size: 1KB - Virtual size: 1KB

TEST6 Size: 1KB - Virtual size: 1KB

TEST7 Size: 1KB - Virtual size: 1KB

TEST8 Size: 1KB - Virtual size: 1KB

TEST9 Size: 1KB - Virtual size: 1KB

TEST0 Size: 2KB - Virtual size: 1KB

. Size: 56KB - Virtual size: 56KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

TEST44
Size: 3KB - Virtual size: 3KB

TEST22
Size: 6KB - Virtual size: 5KB

TEST11
Size: 1KB - Virtual size: 1KB

TEST00
Size: 1KB - Virtual size: 1KB

TEST1
Size: 512B - Virtual size: 288B

TEST2
Size: 2KB - Virtual size: 1KB

TEST3
Size: 3KB - Virtual size: 2KB

TEST4
Size: 3KB - Virtual size: 2KB

TEST5
Size: 1KB - Virtual size: 1KB

TEST6
Size: 1KB - Virtual size: 1KB

TEST7
Size: 1KB - Virtual size: 1KB

TEST8
Size: 1KB - Virtual size: 1KB

TEST9
Size: 1KB - Virtual size: 1KB

TEST0
Size: 2KB - Virtual size: 1KB

.
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB