gozi | fc6677c3c47e773d193ee88c76349c8b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc6677c3c47e773d193ee88c76349c8b_JaffaCakes118
Size

242KB
MD5

fc6677c3c47e773d193ee88c76349c8b
SHA1

8a1015393e301aeb77435a75749ca0608229256b
SHA256

980771895c8880731bbe04e99264bcadd78d4dc9b41eee0402759d39d39c4b61
SHA512

8a6e987105769e18a0b3717558564f10e49f6870e42905c57843ee5c91f2c0fade05ef7ed20fe96041f76b83f9a8e3e4082ad4389e14fc71f365ede25791e26e
SSDEEP

6144:tmnZO0GDlypHAT/cxkDyPFXkfh+3m33c51Wjak4SdS83x:tMZOrEpHAT/cLPF0Im3s51WjaCU8

Score

10^/10

isfb 2500 gozi

Malware Config

Extracted

Family

gozi

Botnet

2500

art.microsoftsofymicrosoftsoft.at

apr.intoolkom.at

r23cirt55ysvtdvl.onion

gta5.fifatalk.at

pop.biopiof.at

l46t3vgvmtx5wxe6.onion

v10.avyanok.com

free.monotreener.com

sam.fafona.at

Attributes

exe_type
worker
server_id
580

rsa_pubkey.plain

aes.plain

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc6677c3c47e773d193ee88c76349c8b_JaffaCakes118

Files

fc6677c3c47e773d193ee88c76349c8b_JaffaCakes118
.dll windows:4 windows x64 arch:x64

8a5d8f502e35131a4443369f6ddb5a6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ZwQueryInformationToken
ZwClose
NtSetInformationProcess
sprintf
ZwOpenProcess
ZwOpenProcessToken
strcpy
ZwQueryInformationProcess
NtQuerySystemInformation
RtlNtStatusToDosError
RtlImageNtHeader
_wcsupr
memmove
mbstowcs
wcscpy
_snprintf
ZwQueryKey
RtlUpcaseUnicodeString
RtlFreeUnicodeString
_snwprintf
_strupr
wcstombs
memcpy
memset
RtlAdjustPrivilege
NtQueryInformationThread
__C_specific_handler
__chkstk
OpenEventA
VirtualProtectEx
CreateFileMappingW
GetModuleFileNameA
GetModuleFileNameW
TerminateThread
CreateThread
GetCurrentProcessId
IsWow64Process
GetVersion
GetLocalTime
GetComputerNameW
QueryPerformanceFrequency
QueryPerformanceCounter
HeapAlloc
HeapFree
CreateDirectoryA
GetLastError
RemoveDirectoryA
CloseHandle
LoadLibraryA
CreateFileA
DeleteFileA
lstrcpyA
lstrlenA
WriteFile
lstrcatA
HeapDestroy
HeapCreate
SetEvent
HeapReAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
ExitThread
TerminateProcess
GetTickCount
GetCurrentThread
lstrcmpA
Sleep
CopyFileW
CreateFileW
GetWindowsDirectoryA
DeleteFileW
EnterCriticalSection
ExitProcess
CreateDirectoryW
GetTempPathA
CreateEventA
GetCommandLineA
lstrcmpiW
WaitForSingleObject
SuspendThread
ResumeThread
LeaveCriticalSection
lstrcpyW
InitializeCriticalSection
lstrlenW
lstrcatW
SwitchToThread
SetWaitableTimer
OpenProcess
GetFileSize
GetCurrentThreadId
DuplicateHandle
MapViewOfFile
ResetEvent
UnmapViewOfFile
OpenWaitableTimerA
CreateMutexA
OpenMutexA
ReleaseMutex
CreateWaitableTimerA
SetLastError
lstrcmpiA
WaitForMultipleObjects
TlsGetValue
RegisterWaitForSingleObject
TlsAlloc
LoadLibraryExW
TlsSetValue
UnregisterWait
VirtualAlloc
VirtualProtect
GetTempFileNameA
RemoveVectoredExceptionHandler
VirtualFree
AddVectoredExceptionHandler
GetProcAddress
GetDriveTypeW
WideCharToMultiByte
GetLogicalDriveStringsW
OpenFileMappingA
GetExitCodeProcess
LocalFree
CreateProcessA
CreateFileMappingA
lstrcpynA
Thread32Next
Thread32First
CreateToolhelp32Snapshot
QueueUserAPC
OpenThread
WaitNamedPipeA
ReadFile
ConnectNamedPipe
GetOverlappedResult
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CallNamedPipeA
CreateNamedPipeA
GetSystemTime
SleepEx
LocalAlloc
FreeLibrary
RaiseException
VirtualQuery
DeleteCriticalSection
SetFilePointer
RemoveDirectoryW
ExpandEnvironmentStringsW
SetEndOfFile
FindClose
GetFileAttributesW
SetFilePointerEx
FindFirstFileW
FindNextFileW
GetVersionExA

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

8a5d8f502e35131a4443369f6ddb5a6c

Headers

File Characteristics

Imports

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 6KB

.bss Size: 8KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 8KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 4KB