cybergate | 2e037357468eeaa1d3b8d33269e61b2e_JaffaCakes118 | Triage

Sharing

General

Target

2e037357468eeaa1d3b8d33269e61b2e_JaffaCakes118
Size

386KB
MD5

2e037357468eeaa1d3b8d33269e61b2e
SHA1

aeaf1420a82070f9d00830fb13004684038d9d5c
SHA256

1abc9597656b89200f401aa4ae4ef07d4ba07a396b3d6026d7fb69b9c99f40d3
SHA512

e87be289645cfc46100499b980112f8e822dd196df100503ae003b72d3ac5da28879eb43ff56a73868ba3e5f527ba9a823b6f27850de83d85bf6c5d706bdb6c2
SSDEEP

6144:nHbY+8rhdy30KmOnHO2QPz3qfCRuZlYVZgacc+4NVxVROJLOYCz+ZSt60NkhAZEG:n7sS4VxVQ5OkQwAKb8WMx

Score

10^/10

cybergate

Malware Config

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e037357468eeaa1d3b8d33269e61b2e_JaffaCakes118

Files

2e037357468eeaa1d3b8d33269e61b2e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8d93e10bab040c1fb17f9403b38bd54d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaPut3
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarIndexLoadRefLock
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
_CIsin
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGet3
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
_CIlog
__vbaFileOpen
__vbaNew2
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ