cybergate | 83c3e72a957231fed67538c374c3d0ca21fae4d58c115e27664ab3d4a3b5b2f2

General

Target

83c3e72a957231fed67538c374c3d0ca21fae4d58c115e27664ab3d4a3b5b2f2
Size

281KB
MD5

2579b3b0d52f186fe9fd5ba70c8a0262
SHA1

8c96d05dc027a8a127197791f1bcc302838c088e
SHA256

83c3e72a957231fed67538c374c3d0ca21fae4d58c115e27664ab3d4a3b5b2f2
SHA512

cdc2fa5123afb8432e575eaeee7a9f85ab2778846c5afb8a20ab35be10198e12135a202849175298f9533e7ad2817de9c7faf3bb15b7b30ebdce0ed2ac5713b7
SSDEEP

6144:gScrLV4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXijW:xcCy78QSVnNyhsFMCeSjW

Score

10^/10

7 cybergate

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Crack Version

Botnet

7

C2

kan3.gotdns.com:666

r3dz80.no-ip.biz:666

Mutex

GPHGC0H8K47GJ7

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
K
install_file
kanes
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Net Framework Version 2.0 must be installed to continue.
message_box_title
Error code: 0x80070643
password
cybergate

Signatures

Cybergate family
cybergate

Files

83c3e72a957231fed67538c374c3d0ca21fae4d58c115e27664ab3d4a3b5b2f2
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 37KB - Virtual size: 36KB

DATA Size: 512B - Virtual size: 292B

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 237KB - Virtual size: 236KB

CODE
Size: 37KB - Virtual size: 36KB

DATA
Size: 512B - Virtual size: 292B

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 237KB - Virtual size: 236KB