cybergate | server[.]exe

General

Target

server.exe
Size

427KB
MD5

2b541ce551764cda4ec19cf40a6d62a6
SHA1

284969a5d4a4437199dc529226191cad976c2206
SHA256

269aff53e58f71f5893d6d4bb552e57ab3f56d8b797259f8ed9a3ffc18a295b4
SHA512

249882eb640013cd0d088241340ff21b601a47967aad8cd0e8afd802fc3824db6e5c7f9d77574958e1615542424deebe5b86d29bb609a3f5b0b8988d7d6d3199
SSDEEP

12288:FuMwCBi8vvrHxVPKyv2m77sZB07FxObO32k:FHwb8vrx52t07FQaX

Score

10^/10

remote cybergate

Malware Config

Extracted

Family

cybergate

Version

v3.4.2.2

Botnet

remote

C2

127.0.0.1:999

127.0.0.1:81

Mutex

NCK75D3YUE7Y2D

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
svchost.exe
install_dir
hgf
install_file
hgf.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
cybergate

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
server.exe

Files

server.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 35KB - Virtual size: 34KB

DATA Size: 512B - Virtual size: 292B

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 385KB - Virtual size: 385KB

CODE
Size: 35KB - Virtual size: 34KB

DATA
Size: 512B - Virtual size: 292B

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 385KB - Virtual size: 385KB