gozi | 2ea534438a25be221978f3abfe530465_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ea534438a25be221978f3abfe530465_JaffaCakes118
Size

32KB
MD5

2ea534438a25be221978f3abfe530465
SHA1

d0fd7df16d277afffda9c76897eafe3afe4ca066
SHA256

5b6e42612bec4560e2c99d44a2092defe39878691d22591fc1a1cc1f1ce7ec2a
SHA512

0e7b20a1c12c8ec4a7ee678c862123bf4ce7eae8d2e17c64e825b52613d28288ef4a9cc66681ea5547011deae55c4f58bf08cddda9babf43ff3a2b7e6f301c89
SSDEEP

384:k1GVhNN6ISrC4CFHzmjT7t2hIsr9qN7MbnHcGd4PTiUz1:k1dDMzCTerVciKiUz1

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ea534438a25be221978f3abfe530465_JaffaCakes118

Files

2ea534438a25be221978f3abfe530465_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df2762a54310ac8f0abb2462159625bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
GetLastError
GetModuleHandleA
LoadLibraryA
GetProcAddress
Sleep
FreeLibrary
RtlZeroMemory
FindFirstFileA
CreateDirectoryA
MoveFileA
FindNextFileA
FindClose
ExitProcess
RtlMoveMemory
CreateFileA
WriteFile
CloseHandle
TerminateThread
TerminateProcess
GetSystemDirectoryA
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
FlushFileBuffers

user32

DialogBoxParamA
LoadIconA
SendMessageA
SetDlgItemTextA
EndDialog
GetClassNameA
GetWindowThreadProcessId
EnumWindows
MessageBoxA

comctl32

InitCommonControls

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ