Behavioral task: behavioral1
Sample: 6972741ae2e2e94c3c8d829017b48091_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 6972741ae2e2e94c3c8d829017b48091_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 6972741ae2e2e94c3c8d829017b48091_JaffaCakes118
Size: 1.2MB
MD5: 6972741ae2e2e94c3c8d829017b48091
SHA1: c254c546b3799e3870c9139b8738e0cdb7fc6d02
SHA256: 0c3c1b50d5270b020df6ff9dd9d4746a5bbbc9e3eb74fe6cdde7a050643a68b6
SHA512: 310b1a50b0a91866f215f8cf677ed2d03ca59de62b7b60b3491a58185e3d8cf81eea94b6b2caaae31df26f63e0eb4375ffa3b323437f44e79fac5338411f3e8e
SSDEEP: 24576:ckYWL42us2tUKNtMEEMxjq+PiuYHwT59jLCQzoOZhVeeq/:ck3Buwaz7TSuodeq/
Malware Config
Extracted
gozi
Signatures
Gozi family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 6972741ae2e2e94c3c8d829017b48091_JaffaCakes118
Files
6972741ae2e2e94c3c8d829017b48091_JaffaCakes118.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 13KB - Virtual size: 624KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 643KB - Virtual size: 643KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ