cybergate | 3dc69abff6d7cc3195afb904743aadcd_JaffaCakes118

General

Target

3dc69abff6d7cc3195afb904743aadcd_JaffaCakes118
Size

316KB
MD5

3dc69abff6d7cc3195afb904743aadcd
SHA1

52dc4bde819b35e29db220c41de77db4e809051a
SHA256

9f1f5825abc813a9b858e1b42fe84b1f22eee9168103062f8b72a448617d3622
SHA512

8bd665c3b2d03ca47ed43cc78c681f5c7eb002bbd3daa926089ee43e5f6ab2b5c5560a0e1a0f8739fa2e5d0af304fee4e60d5e9e782d54b660668c7e41c558e6
SSDEEP

6144:cOpslFfhdBCkWYxuukP1pjSKSNVkq/MVJbw:cwslZTBd47GLRMTb

Score

10^/10

hic cybergate

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Hic

C2

hicjobs.no-ip.biz:100

Mutex

155VUE4QI205FP

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
Hic
install_file
Hic.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
INVALID MEMORY !
message_box_title
Hic
password
0232

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dc69abff6d7cc3195afb904743aadcd_JaffaCakes118

Files

3dc69abff6d7cc3195afb904743aadcd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 56KB - Virtual size: 56KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 4KB

.rsrc Size: 236KB - Virtual size: 236KB

.aspack Size: 15KB - Virtual size: 16KB

.adata Size: - Virtual size: 4KB

CODE
Size: 56KB - Virtual size: 56KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 4KB

.rsrc
Size: 236KB - Virtual size: 236KB

.aspack
Size: 15KB - Virtual size: 16KB

.adata
Size: - Virtual size: 4KB