gozi | 02348f4e1b7f9ce627441f6e05f09cd7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

02348f4e1b7f9ce627441f6e05f09cd7_JaffaCakes118
Size

292KB
MD5

02348f4e1b7f9ce627441f6e05f09cd7
SHA1

455c94fae65c29eaa4085b7d612894d80a2d2788
SHA256

445fda2bb6a05d59eaf8fc82c7075b333af97f5849a0c4c615400d31bd2cf223
SHA512

b2fb988d488ffaefa5ba3bb538af85f775e788a96ca8a02d8b4356c876406f88a6de6f1fc706d84828ac64cd2a5d60cdffca47b17ddcef997b9cebec89cdf304
SSDEEP

6144:dv1Oyal6neqkXbx9TqUE3h1eyN60Bc1UAtas6oZh:d1Op6enLnqUO1R80c1U7sxZh

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02348f4e1b7f9ce627441f6e05f09cd7_JaffaCakes118

Files

02348f4e1b7f9ce627441f6e05f09cd7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

81f287c761bc7d0e54f8295b36119bca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlNtStatusToDosError
NtUnmapViewOfSection
NtMapViewOfSection
memcpy
memset
ZwClose
NtCreateSection
mbstowcs
ZwOpenProcessToken
ZwOpenProcess
ZwQueryInformationToken
NtQuerySystemInformation
RtlFreeUnicodeString
ZwQueryInformationProcess
RtlUpcaseUnicodeString
RtlUnwind
NtQueryVirtualMemory

shlwapi

PathFindExtensionW
PathFindFileNameW
PathFindExtensionA
StrRChrA
StrChrA
StrStrIA
StrTrimW
StrChrW
PathFindFileNameA
PathCombineW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

kernel32

SetEvent
GetTickCount
Sleep
HeapFree
GetExitCodeProcess
CreateProcessA
lstrlenW
GetLastError
GetProcAddress
ResetEvent
LoadLibraryA
lstrcmpiW
lstrcatW
DeleteFileW
CreateWaitableTimerA
SetFileAttributesW
SetWaitableTimer
HeapAlloc
GetModuleHandleA
HeapCreate
HeapDestroy
GetCommandLineW
ExitProcess
CloseHandle
ReadFile
WaitForSingleObject
CreateFileA
CreateEventA
GetVersion
lstrcmpA
GetTempPathA
GetTempFileNameA
CreateDirectoryA
GetFileSize
FreeLibrary
lstrcpynA
GetFileTime
FindNextFileA
FindClose
FindFirstFileA
CompareFileTime
GetModuleFileNameA
lstrcmpiA
SetLastError
GetModuleHandleW
LoadLibraryW
TerminateThread
GetVersionExW
VirtualAlloc
IsWow64Process
GetCurrentProcessId
CreateThread
OpenProcess
VirtualProtectEx
SuspendThread
ResumeThread
GetLongPathNameW
GetModuleFileNameW
lstrlenA
ExpandEnvironmentStringsA
lstrcatA
lstrcpyA
ExpandEnvironmentStringsW
LocalFree
SetEndOfFile
CreateDirectoryW
WriteFile
CreateFileW
FlushFileBuffers
lstrcpyW
SetFilePointer
VirtualFree

user32

DefWindowProcW
SendMessageW
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SetClassLongW
SystemParametersInfoW
GetAncestor
GetWindowLongW
RegisterClassExW
GetForegroundWindow
TranslateMessage
GetMessageW
keybd_event
DestroyWindow
wsprintfW
wsprintfA
DispatchMessageW
GetCursorInfo

advapi32

OpenProcessToken
RegDeleteValueW
RegEnumKeyExA
RegOpenKeyW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegSetValueExW
RegOpenKeyA
RegCreateKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegOpenKeyExA
RegQueryValueExW
RegSetValueExA
RegQueryValueExA

shell32

ord92
ShellExecuteW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

81f287c761bc7d0e54f8295b36119bca

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

setupapi

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 4KB

.bss Size: 4KB - Virtual size: 4KB

.rsrc Size: 248KB - Virtual size: 248KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 4KB

.bss
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 248KB - Virtual size: 248KB