cybergate | 41d2edb228cdeb15312867a89831ce5d_JaffaCakes118

General

Target

41d2edb228cdeb15312867a89831ce5d_JaffaCakes118
Size

179KB
MD5

41d2edb228cdeb15312867a89831ce5d
SHA1

464705cad4c84f589788203d3cba4c19ff8d824a
SHA256

a17ce603fbbeca5dd7f43145b89aff59690739e81d7b1b8e57714df971aad45e
SHA512

d4124396bca2914100da9e2d6e58b8e484c0d643505f64898f0b54af992f908c394fa3279d6db0d76b77cff388030f1008bc7ab46da9d3b192faeea8708690ee
SSDEEP

3072:5ATpuydVEOyqGnlqxIl4Zt0G00GaBKhdOhbYCkHk49WY:5OpslFlqCGHGhhdBCkHk49WY

Score

10^/10

remote cybergate

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote

C2

angely.no-ip.biz:100

Mutex

5862YRC86P0DC2

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
cybergate

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41d2edb228cdeb15312867a89831ce5d_JaffaCakes118

Files

41d2edb228cdeb15312867a89831ce5d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 54KB - Virtual size: 54KB

DATA Size: 1024B - Virtual size: 572B

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 277KB - Virtual size: 276KB

CODE
Size: 54KB - Virtual size: 54KB

DATA
Size: 1024B - Virtual size: 572B

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 277KB - Virtual size: 276KB