cybergate | 4269d969a7dc7004e6d36cdd847abe4c3de5e56ca6422c41b37c8b29d13a469b

Sharing

Copy URL

Twitter E-mail

General

Target

4269d969a7dc7004e6d36cdd847abe4c3de5e56ca6422c41b37c8b29d13a469b
Size

1.1MB
MD5

5c7ab43562abd792a3766707c060edef
SHA1

23858be8cfc893b5ee3965a3d38fc21d352a1659
SHA256

4269d969a7dc7004e6d36cdd847abe4c3de5e56ca6422c41b37c8b29d13a469b
SHA512

0a2aa495efeb19aa4c0a23d449d260b294bd413dd2dad59d5e1b65a3f92bd9e33dade0e975b566936420abc529799f71d8d0b6b2548ba1f1d31ae509c26eafe1
SSDEEP

12288:vcD667Q4dLOSwCDfJqlE6uGiGSAlVLuBRzXA2oAMHVB66EYAUTS9D/ksSzQRs2z:vWLtwCc26uGi2VCHXSBzTaDMsAQRH

Score

10^/10

shark-vic cybergate

Malware Config

Extracted

Family

cybergate

Version

2.7 Final

Botnet

shark-vic

shark-tchingo.no-ip.biz:81

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
abcd1234

Signatures

Cybergate family
cybergate

Files

4269d969a7dc7004e6d36cdd847abe4c3de5e56ca6422c41b37c8b29d13a469b
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7
Size: 924KB - Virtual size: 924KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

8
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

9
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

10
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

0 Size: 48KB - Virtual size: 48KB

1 Size: 4KB - Virtual size: 4KB

2 Size: 8KB - Virtual size: 8KB

3 Size: 4KB - Virtual size: 4KB

4 Size: 4KB - Virtual size: 4KB

5 Size: 4KB - Virtual size: 4KB

6 Size: 4KB - Virtual size: 4KB

7 Size: 924KB - Virtual size: 924KB

8 Size: 76KB - Virtual size: 76KB

9 Size: 4KB - Virtual size: 4KB

10 Size: 40KB - Virtual size: 40KB

0
Size: 48KB - Virtual size: 48KB

1
Size: 4KB - Virtual size: 4KB

2
Size: 8KB - Virtual size: 8KB

3
Size: 4KB - Virtual size: 4KB

4
Size: 4KB - Virtual size: 4KB

5
Size: 4KB - Virtual size: 4KB

6
Size: 4KB - Virtual size: 4KB

7
Size: 924KB - Virtual size: 924KB

8
Size: 76KB - Virtual size: 76KB

9
Size: 4KB - Virtual size: 4KB

10
Size: 40KB - Virtual size: 40KB