cybergate | 150b47671776ff6710521850c3e6dd51_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

150b47671776ff6710521850c3e6dd51_JaffaCakes118
Size

424KB
MD5

150b47671776ff6710521850c3e6dd51
SHA1

fb1e31ff664bd4ad09d9ae2fa77536b14a4bf6cf
SHA256

f26d2e4396bc07c36fbbc52cda6342372b2faf007a09c57d075b809874bb2b38
SHA512

c3341a43be3fab8731fdd395d46cb2ce248dbbe5841e453327586c56c46f06d3286d7316f86626812521ecfc6eb32c5e99c420da8ed070a7ba50e6464b85867d
SSDEEP

6144:xOpslF0hdBCkWYxuukP1pjSKSNVkq/MVJbhvur6QE7P7:xwslmTBd47GLRMTbFuruP7

Score

10^/10

remote cybergate

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote

127.0.0.1:999

Mutex

V52VUNFW7HE4LQ

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
install_dir
HHHHJ
install_file
HJJJJJYer.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
cybergate

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
150b47671776ff6710521850c3e6dd51_JaffaCakes118

Files

150b47671776ff6710521850c3e6dd51_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

0
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

8
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

9
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

10
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

0 Size: 56KB - Virtual size: 56KB

1 Size: 4KB - Virtual size: 4KB

2 Size: 8KB - Virtual size: 8KB

3 Size: 4KB - Virtual size: 4KB

4 Size: 4KB - Virtual size: 4KB

5 Size: 4KB - Virtual size: 4KB

6 Size: 4KB - Virtual size: 4KB

7 Size: 228KB - Virtual size: 228KB

8 Size: 72KB - Virtual size: 72KB

9 Size: 4KB - Virtual size: 4KB

10 Size: 32KB - Virtual size: 32KB

0
Size: 56KB - Virtual size: 56KB

1
Size: 4KB - Virtual size: 4KB

2
Size: 8KB - Virtual size: 8KB

3
Size: 4KB - Virtual size: 4KB

4
Size: 4KB - Virtual size: 4KB

5
Size: 4KB - Virtual size: 4KB

6
Size: 4KB - Virtual size: 4KB

7
Size: 228KB - Virtual size: 228KB

8
Size: 72KB - Virtual size: 72KB

9
Size: 4KB - Virtual size: 4KB

10
Size: 32KB - Virtual size: 32KB