gozi | 12909e76c028149f7a95e572e141c459_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

12909e76c028149f7a95e572e141c459_JaffaCakes118
Size

80KB
MD5

12909e76c028149f7a95e572e141c459
SHA1

df8ea2fa1b9a9a29c3c7935ed0b098def6ad84b7
SHA256

3b22b0220044caa9b8c9cbff3886c8c1c6ee673f9ad8998ca84022a97218b3c6
SHA512

d731c98b4565b6a53503acceeb442ebfde358974a56fb5d50b0349e55e22074ffd54b46529ca0d85474244edc21f2846a70b62fd4901db6f477162190c4718cc
SSDEEP

1536:5LYk0evqm+qQEATcBnHI7+ZlSy9FHj5d9dug3fjCemREuQRIe:5LYIypqlAQHIyZlSy9Z9Jug3u7Euo

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12909e76c028149f7a95e572e141c459_JaffaCakes118

Files

12909e76c028149f7a95e572e141c459_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3149e66c79f40d66c27fb0cea7d7a693

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwOpenProcess
ZwQueryInformationToken
RtlNtStatusToDosError
NtCreateSection
memset
NtMapViewOfSection
NtUnmapViewOfSection
memcpy
ZwClose
ZwQueryInformationProcess
NtQuerySystemInformation
mbstowcs
RtlUpcaseUnicodeString
RtlFreeUnicodeString
ZwOpenProcessToken
RtlImageNtHeader
RtlUnwind
NtQueryVirtualMemory

shlwapi

StrChrA
StrRChrA
StrChrW
StrTrimW

kernel32

CloseHandle
LoadLibraryA
DeleteFileW
ResetEvent
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
CreateProcessA
SetFileAttributesW
HeapAlloc
SetWaitableTimer
lstrlenA
GetExitCodeProcess
CreateEventA
SetEvent
GetProcAddress
lstrcatW
GetLastError
Sleep
HeapFree
lstrlenW
GetCommandLineW
ExitProcess
GetModuleHandleA
HeapCreate
HeapDestroy
WaitForSingleObject
CreateWaitableTimerA
GetVersion
lstrcmpA
ExpandEnvironmentStringsA
lstrcpynA
GetModuleFileNameA
GetModuleFileNameW
ReadFile
OpenProcess
SuspendThread
ResumeThread
VirtualProtectEx
GetCurrentProcessId
GetLongPathNameW
LocalFree
lstrcatA
lstrcpyA
FindFirstFileA
FindClose
CompareFileTime
FindNextFileA
GetFileTime
CreateFileA
SetLastError
lstrcmpiA
VirtualFree
VirtualAlloc
SetFilePointer

user32

wsprintfA
GetCursorInfo

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

3149e66c79f40d66c27fb0cea7d7a693

Headers

File Characteristics

Imports

ntdll

shlwapi

kernel32

user32

advapi32

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 1KB

.bss Size: 2KB - Virtual size: 1KB

.rsrc Size: 59KB - Virtual size: 60KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

.bss
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 59KB - Virtual size: 60KB