darkgate | unpacked_2fa83a1f4b3196a87645d4e71c3a486c7eb433ccb462c85888d5a5dee2abe2e2[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

unpacked_2fa83a1f4b3196a87645d4e71c3a486c7eb433ccb462c85888d5a5dee2abe2e2.zip
Size

205KB
MD5

c53720bfdd955168ef62a747dbc195cc
SHA1

5b89742a9d2606aa36eb3ee1b478791fd834be96
SHA256

8238ff6f1493c9c489bc0aba12e0cf6ac057875045c28a2a4b110a128f64c282
SHA512

f42d6f2832855b8a3977f90b3a5b73b13ec9efb5427e88d06ee7d99ae25bc8319651a073fede737c7433d2c15467889a2652e420748de2a406dfc1bc0b6e53f5
SSDEEP

6144:MhRuqRcFK8sh1ngslRXBv9uIYlE5hw3P7Slb4oQqIjvHCw:Mfuq6sh2QXXVs5P7ObVI7HCw

Score

10^/10

darkgate

Malware Config

Signatures

Darkgate family
darkgate

Detect DarkGate stealer 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/44a0000.f8849031-05af-4cdc-98d3-848251cef52b.exe	family_darkgate_v6

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/44a0000.f8849031-05af-4cdc-98d3-848251cef52b.exe

Files

unpacked_2fa83a1f4b3196a87645d4e71c3a486c7eb433ccb462c85888d5a5dee2abe2e2.zip
.zip
44a0000.f8849031-05af-4cdc-98d3-848251cef52b.exe
.exe windows:4 windows x86 arch:x86

cb2c2b2412e4549f546c4d9619b07f3c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
getservbyname
getservbyport
getprotobyname
getprotobynumber
gethostbyname
gethostbyaddr
gethostname
shutdown
setsockopt
getsockopt
sendto
send
recv
recvfrom
htons
htonl
listen
ioctlsocket
inet_ntoa
inet_addr
htons
htonl
getsockname
getpeername
connect
closesocket
bind
accept
socket
select
getaddrinfo
freeaddrinfo
getnameinfo

combase

CoCreateInstanceEx
CoInitializeEx
CoAddRefServerProcess
CoReleaseServerProcess
CoResumeClassObjects
CoSuspendClassObjects
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize

kernel32

CreateToolhelp32Snapshot
Heap32ListFirst
Heap32ListNext
Heap32First
Heap32Next
Toolhelp32ReadProcessMemory
Process32First
Process32Next
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Module32First
Module32Next
Module32FirstW
Module32NextW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlen
lstrcpyn
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcmpW
WriteProcessMemory
WriteFile
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAllocEx
VirtualAlloc
TerminateThread
TerminateProcess
Sleep
SetThreadPriority
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
SetCurrentDirectoryA
ResumeThread
ResetEvent
ReadProcessMemory
ReadFile
PeekNamedPipe
OpenProcess
MultiByteToWideChar
MulDiv
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
HeapAlloc
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalAlloc
GetVersionExA
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemInfo
GetSystemDefaultLCID
GetStringTypeA
GetStdHandle
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameW
GetCPInfo
GetACP
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateRemoteThread
CreateProcessW
CreateProcessA
CreatePipe
CreateFileW
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle
Sleep
CreateProcessA
GetTickCount
GetCurrentProcessId
SetThreadExecutionState
IsDebuggerPresent

oleaut32

VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarOr
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

user32

GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
mouse_event
ToUnicodeEx
SystemParametersInfoA
ShowWindow
SetWindowPos
SetThreadDesktop
SetCursorPos
SendMessageA
PostMessageA
PeekMessageA
OpenDesktopA
OpenClipboard
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MapVirtualKeyExA
LoadStringA
LoadIconA
IsWindowVisible
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetThreadDesktop
GetSystemMetrics
GetSysColor
GetLastInputInfo
GetKeyboardLayout
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetCursorPos
GetCursorInfo
GetClipboardData
GetClassNameA
GetAsyncKeyState
FindWindowA
FillRect
EnumWindows
DrawIconEx
DestroyIcon
CreateIcon
CreateDesktopA
CloseClipboard
CharLowerBuffW
CharNextA
CharLowerBuffA
CharToOemA
EnumDisplayMonitors
GetMonitorInfoA
PrintWindow

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey
GetUserNameW
GetUserNameA

gdi32

UnrealizeObject
StretchBlt
SetWinMetaFileBits
SetTextColor
SetStretchBltMode
SetROP2
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
GetWinMetaFileBits
GetTextMetricsA
GetStockObject
GetPixel
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetBrushOrgEx
GetBitmapBits
GdiFlush
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreatePenIndirect
CreateHalftonePalette
CreateFontIndirectA

shell32

ShellExecuteEx
ShellExecuteW
SHFileOperationW
SHFileOperation
SHGetSpecialFolderPathW

ole32

CoInitialize

wsock32

WSAStartup
WSAGetLastError
gethostbyname
socket
send
select
recv
ioctlsocket
inet_addr
htons
connect
closesocket

kernelbase

UpdateProcThreadAttribute
InitializeProcThreadAttributeList

ntdll

NtQueryObject
NtQueryInformationProcess
NtOpenProcess
NtDuplicateObject
NtClose
NtQuerySystemInformation

winmm

waveInUnprepareHeader
waveInStart
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveInGetDevCapsA
waveInAddBuffer

Sections

CODE
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb2c2b2412e4549f546c4d9619b07f3c

Headers

File Characteristics

Imports

ws2_32

combase

kernel32

oleaut32

user32

advapi32

gdi32

shell32

ole32

wsock32

kernelbase

ntdll

winmm

Sections

CODE Size: 336KB - Virtual size: 336KB

DATA Size: 12KB - Virtual size: 12KB

BSS Size: 8KB - Virtual size: 8KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.reloc Size: 20KB - Virtual size: 20KB

.rsrc Size: 24KB - Virtual size: 24KB

CODE
Size: 336KB - Virtual size: 336KB

DATA
Size: 12KB - Virtual size: 12KB

BSS
Size: 8KB - Virtual size: 8KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 24KB - Virtual size: 24KB