cybergate | 29ea4c87c1f0e5c6690103340b248733JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29ea4c87c1f0e5c6690103340b248733JaffaCakes118
Size

898KB
MD5

29ea4c87c1f0e5c6690103340b248733
SHA1

42e625a9321f861340b30820db1d669612b824d9
SHA256

ef79fa0eda35f996023b85e3c7fa23003a06f73606dd7c7c3917b3c7364eb2f2
SHA512

3eccb2b51a1f0899896f79e41966152282c8b2d8a1cf8af51804757313677445458264119fc519ed2adf1fc23417665963582b1bedecc9fd2ec16fe20be011d5
SSDEEP

12288:BKM9KBKJ9gV9Ra6xYSb5/dkVOp2tJxdNuDNkZEcwslTTBd47GLRMTbm:PgVHaqmVOpUx+QWslxd474mfm

Score

10^/10

cybergate

Malware Config

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29ea4c87c1f0e5c6690103340b248733JaffaCakes118

Files

29ea4c87c1f0e5c6690103340b248733JaffaCakes118
.exe windows:4 windows x86 arch:x86

d3bd438dc05d89f886047fe7adfa8954

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
Sleep
GetLastError
MoveFileW
GetSystemTimeAsFileTime
DeleteFileW
lstrcpyW
lstrlenW
GetEnvironmentVariableW
lstrcmpA
lstrlenA
VirtualAlloc
CloseHandle
MapViewOfFile
CreateFileMappingW
VirtualFree
GetModuleHandleA
SetLastError
VirtualProtect
LoadLibraryA
GetProcAddress
HeapFree
FreeLibrary
HeapAlloc
GetProcessHeap
LoadLibraryW
MapViewOfFileEx
UnmapViewOfFile
ReadFile
SetFilePointer
ExitProcess
FormatMessageA
SetEnvironmentVariableW
GetFileSize
CreateFileW
WideCharToMultiByte
lstrcpynW

user32

MessageBoxA
wsprintfW

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 4KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ