gozi | 6255b64befa9485e7b5a5e364d21d39d_JaffaCakes118 | Triage

Sharing

General

Target

6255b64befa9485e7b5a5e364d21d39d_JaffaCakes118
Size

31KB
MD5

6255b64befa9485e7b5a5e364d21d39d
SHA1

cf73a5b8a4916f14df617775b50598e3a5d3bb1b
SHA256

61dcc60a231e25d32c2747a8531ed1606fbf6def9b1703c77540136567cbf747
SHA512

ad1c3d5f288d010da0aba93de0ac600bfa39479a49be350f220cbd717bac3db94984575f0be15401ba5d367fea28d1dba27c4f131ddf0239b2c3d63335e47b08
SSDEEP

384:k1GVhNN6ISrC4CFHzmjT7t2hIsr9qN2MbnHcGd4Po:k1dDMzCTerScir

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6255b64befa9485e7b5a5e364d21d39d_JaffaCakes118

Files

6255b64befa9485e7b5a5e364d21d39d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df2762a54310ac8f0abb2462159625bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
GetLastError
GetModuleHandleA
LoadLibraryA
GetProcAddress
Sleep
FreeLibrary
RtlZeroMemory
FindFirstFileA
CreateDirectoryA
MoveFileA
FindNextFileA
FindClose
ExitProcess
RtlMoveMemory
CreateFileA
WriteFile
CloseHandle
TerminateThread
TerminateProcess
GetSystemDirectoryA
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
FlushFileBuffers

user32

DialogBoxParamA
LoadIconA
SendMessageA
SetDlgItemTextA
EndDialog
GetClassNameA
GetWindowThreadProcessId
EnumWindows
MessageBoxA

comctl32

InitCommonControls

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ