cybergate | 3be2e729b8df17fb5e75793af06a1702_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3be2e729b8df17fb5e75793af06a1702_JaffaCakes118
Size

318KB
MD5

3be2e729b8df17fb5e75793af06a1702
SHA1

211ffe7f99e9f41b39772cbc79e6c90ad3d82b73
SHA256

d8ab42fccde9a35c18dc4d2066f382f11a6f1725d714274f97e4ebf87050d1ba
SHA512

75664d37e8a75fbe4cfad56d7e1deabfdd357a38e7b49b3540efa4d402fe80d671bd0f69853e955e80a4e10311da4ffeea50bea7b1898cf3dc9513f1f1fef6bb
SSDEEP

6144:QmcD66RR65JGmrpQsK3RD2u270jupCJsCxCeK:ZcD66PZ2zkPaCx

Score

10^/10

öííé cybergate

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ÖÍíÉ

ambk.no-ip.org:81

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
svchost.exe
install_file
windows.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
bj#43by

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3be2e729b8df17fb5e75793af06a1702_JaffaCakes118

Files

3be2e729b8df17fb5e75793af06a1702_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 48KB - Virtual size: 48KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.reloc Size: - Virtual size: 4KB

.rsrc Size: 244KB - Virtual size: 244KB

.aspack Size: 8KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

CODE
Size: 48KB - Virtual size: 48KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: - Virtual size: 4KB

.rsrc
Size: 244KB - Virtual size: 244KB

.aspack
Size: 8KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB