cybergate | 95324e8516c732efdfcdde5476ab776c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

95324e8516c732efdfcdde5476ab776c_JaffaCakes118
Size

367KB
MD5

95324e8516c732efdfcdde5476ab776c
SHA1

a0a4baba4085f3bf8eeb12abe025e2c1e79a24c1
SHA256

790e291d983c30d8cb93dfb8b73aca4579b9f16109d60b33b40d752279497312
SHA512

af1a33e2cc0bf893f8011f0c11ad729649d1e88e29ef5e6524f4faf07275e0159e5b601a96cf5d3b6eaed7fca6b1eefbb529109dc82d7074da64d2910839c85a
SSDEEP

6144:E2aYgSUglq9hdBCkWYxuukP1pjSKSNVkq/MVJbHOpslR:5aLTBd47GLRMTbHwslR

Score

10^/10

cybergate

Malware Config

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95324e8516c732efdfcdde5476ab776c_JaffaCakes118

Files

95324e8516c732efdfcdde5476ab776c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7e32191ed5d7cf49bf1f86011d2a6284

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
FreeResource
ResumeThread
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
GetThreadContext
CreateProcessA
LockResource
LoadResource
SizeofResource
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
FreeLibrary

msvcrt

_ftol
_CIpow
malloc

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DexCrypt
Size: 78B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ