gozi | 2db05a728f56c8c5063559c5980f8f62_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2db05a728f56c8c5063559c5980f8f62_JaffaCakes118
Size

27KB
MD5

2db05a728f56c8c5063559c5980f8f62
SHA1

740cc0209c89c330724a238ba4e9a12012a7ce3a
SHA256

f06e4b33efffce919d0d3f01eb014362a15ecd088c10faf3d1fcbf9df8dc820e
SHA512

be9a68009a2d107eef10e2902ebdff659f2c15ccf0dd4b192fa15a934cfa8eb7d59b87b12ee220f9911d374bbe6ebb1b929ce773d09bc78836db7e86ff6b0ec6
SSDEEP

384:k1GVhNN6ISrC4CFHzmjT7t2hIsr9qN7Mb3:k1dDMzCTert

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2db05a728f56c8c5063559c5980f8f62_JaffaCakes118

Files

2db05a728f56c8c5063559c5980f8f62_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df2762a54310ac8f0abb2462159625bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
GetLastError
GetModuleHandleA
LoadLibraryA
GetProcAddress
Sleep
FreeLibrary
RtlZeroMemory
FindFirstFileA
CreateDirectoryA
MoveFileA
FindNextFileA
FindClose
ExitProcess
RtlMoveMemory
CreateFileA
WriteFile
CloseHandle
TerminateThread
TerminateProcess
GetSystemDirectoryA
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
FlushFileBuffers

user32

DialogBoxParamA
LoadIconA
SendMessageA
SetDlgItemTextA
EndDialog
GetClassNameA
GetWindowThreadProcessId
EnumWindows
MessageBoxA

comctl32

InitCommonControls

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ