cybergate | f58d67a10f6215929f26e33bae086571fb9779c3adef3e81efbcb2fd6dec7975

General

Target

f58d67a10f6215929f26e33bae086571fb9779c3adef3e81efbcb2fd6dec7975
Size

2.0MB
MD5

27c16af0dc1ca5114f02274e888859d3
SHA1

4dd821ebcb09acbfd94178e36f120b761362b4a3
SHA256

f58d67a10f6215929f26e33bae086571fb9779c3adef3e81efbcb2fd6dec7975
SHA512

cea40e3fcf7cad69a9cb0aff50b3b6df65a499ce12ba883558a00aebb4e46a7ebc768dc44cb42315e9fe27755865ee313edc81b2157012c174de9076c46b54ab
SSDEEP

24576:CzGZ0XTB9109be930wzdHkh6wFXRDZEZnTuZOklkQQfn+3CvzuvUBMclcLSwU:CaSB910Q3LzdHEPqZ+OzsSSvUmMcWwU

Score

10^/10

cybergate pony

Malware Config

Extracted

Family

pony

C2

http://coc.zz.vc/gate.php

Signatures

Cybergate family
cybergate
Nirsoft 1 IoCs

Processes:

resource yara_rule

sample Nirsoft
Pony family
pony
NirSoft WebBrowserPassView 1 IoCs
Password recovery tool for various web browsers

Processes:

resource yara_rule

sample WebBrowserPassView

resource	yara_rule
sample	Nirsoft

resource	yara_rule
sample	WebBrowserPassView

Files

f58d67a10f6215929f26e33bae086571fb9779c3adef3e81efbcb2fd6dec7975
.exe windows x86

38b2957c1f4db790914604b1ab860214

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaPut3
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaI2Abs
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
__vbaAryVar
__vbaAryDestruct
__vbaBoolStr
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
_CIsin
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGet3
__vbaStrCmp
__vbaObjVar
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
EVENT_SINK_Release
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord713
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaUbound
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
ord616
_CIatan
__vbaStrMove
__vbaAryCopy
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

38b2957c1f4db790914604b1ab860214

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB