gozi | 2ac8f77548e87b401767c7076adfa00d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ac8f77548e87b401767c7076adfa00d_JaffaCakes118
Size

138KB
MD5

2ac8f77548e87b401767c7076adfa00d
SHA1

1a45623722aa731c2e3628e17af0bd682ac8c318
SHA256

c4054c514f0c58bcff456114768723b257013c49eba9ca61e395484e81e01d19
SHA512

9cbabf97781998f403dc69b7288914bb8f03f2a658cc850307699d276abef6cb8d0645783e82def2db1c4ce73f26d210dd331e9e891848514543f064a0ad6f23
SSDEEP

3072:yqAB7GDF1qozIL7W0QA8nxDnVhIOFNg9/IWsvY:gB78RIL7wnxncOLUgRY

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ac8f77548e87b401767c7076adfa00d_JaffaCakes118

Files

2ac8f77548e87b401767c7076adfa00d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fa3749feb7aa4ca0f4349763b2e3277a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
lstrcpyA
lstrlenA
GetFileAttributesA
CreateMutexA
LoadLibraryA
SetLastError
GetModuleFileNameA
GetShortPathNameA
GetModuleHandleA
GetStartupInfoA
GetLastError
ReleaseMutex
CloseHandle
Sleep
SetUnhandledExceptionFilter
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
WritePrivateProfileStringA

user32

wsprintfA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
CloseServiceHandle
RegSetValueExA
RegCreateKeyA
OpenServiceA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

msvcrt

_controlfp
_except_handler3
fclose
fwrite
sprintf
fopen
strncat
strncpy
??2@YAPAXI@Z
strchr
__CxxFrameHandler
_CxxThrowException
fread
fseek
free
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

fa3749feb7aa4ca0f4349763b2e3277a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp60

msvcrt

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 127KB - Virtual size: 127KB

.rsrc Size: 512B - Virtual size: 16B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 127KB - Virtual size: 127KB

.rsrc
Size: 512B - Virtual size: 16B