Extracted

• • Target

    f4ae27817bbcb61132826438613806fd_JaffaCakes118

  • Size

    410KB

  • MD5

    f4ae27817bbcb61132826438613806fd

  • SHA1

    36471c4ed2b55e380716912d04d4231e848ca6b0

  • SHA256

    1c08529940a39b8da4826892cab44b6e933e2cc6e0bad80ef448dc29e58d4f9b

  • SHA512

    4beef055e6c810674c7d218129cef2e2928333ba22e78bd290399feddb14e0c3547ea527f528fada9fbb7b99c19a3e7845adfcdef192b0156002c1b61b35bdf0

  • SSDEEP

    12288:I2IL7JBRUTV5nf1xw0EtIGwLZjoATXEG7TMgop:ITL9MTV5n9xXEt3wLNoAPvxop

  Score

  10^/10

  cybergateserverdiscoverystealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2