gozi | 4b15f2205d598e23e9ecda161d9d796d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b15f2205d598e23e9ecda161d9d796d_JaffaCakes118
Size

27KB
MD5

4b15f2205d598e23e9ecda161d9d796d
SHA1

28b1cf4d27ac06e295f5694544baf7f8fb808de3
SHA256

9b260f5f70cbb25ee39b9872194ce91ad4a710f098371fa347b55ccf5286a17e
SHA512

8682d4457874f87d6be746136507f678114396465ebe55a44ed501fbc6b29358da684591b6e74a31378c025feacb38d7555ff37afad17c114934c6e9edf39f15
SSDEEP

384:k1GVhNN6ISrC4CFHzmjT7t2hIsr9qN7MK:k1dDMzCTer4

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b15f2205d598e23e9ecda161d9d796d_JaffaCakes118

Files

4b15f2205d598e23e9ecda161d9d796d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df2762a54310ac8f0abb2462159625bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
GetLastError
GetModuleHandleA
LoadLibraryA
GetProcAddress
Sleep
FreeLibrary
RtlZeroMemory
FindFirstFileA
CreateDirectoryA
MoveFileA
FindNextFileA
FindClose
ExitProcess
RtlMoveMemory
CreateFileA
WriteFile
CloseHandle
TerminateThread
TerminateProcess
GetSystemDirectoryA
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
FlushFileBuffers

user32

DialogBoxParamA
LoadIconA
SendMessageA
SetDlgItemTextA
EndDialog
GetClassNameA
GetWindowThreadProcessId
EnumWindows
MessageBoxA

comctl32

InitCommonControls

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ