gh0strat | JaffaCakes118_491056d9ab4f7c96fcd256014cd01a40 | Triage

Sharing

General

Target

JaffaCakes118_491056d9ab4f7c96fcd256014cd01a40
Size

64KB
MD5

491056d9ab4f7c96fcd256014cd01a40
SHA1

371bd16a703e153c902a4416ce6b3b5b2c938c84
SHA256

c32b3f534bd2223a2bae31db98ef4665a35e0b63785a0b522367c08e5ec00d43
SHA512

8be7190552cdf8f8f532891e4bb20e026074e9e969183435276bca8fd58fb69ffe918c82dfb9333230d8751d4fbfa7aa0c9958a6183ef6c219c81ec0f5d37e73
SSDEEP

1536:9f7ezCNkHjYj1BgGkcfjFbW4crqwPSufn8IW5N5:9TeTY1Em5WBqwP3fsT

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_491056d9ab4f7c96fcd256014cd01a40

Files

JaffaCakes118_491056d9ab4f7c96fcd256014cd01a40
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jiao
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jia
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fao
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE