Behavioral task
behavioral1
Sample
677f7c42f79a0a58760056529739fdd6_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
677f7c42f79a0a58760056529739fdd6_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
677f7c42f79a0a58760056529739fdd6_JaffaCakes118
-
Size
452KB
-
MD5
677f7c42f79a0a58760056529739fdd6
-
SHA1
c05b90eb5caf8c2dca610b6f7253fe58b5c4a6a3
-
SHA256
07c7d7e3f4da80983f09256241d8cc0b3f986f31ef65af2fa87b03c11cdebb65
-
SHA512
0e8e3b4042af7eddbc51a0f1552c504a08880f554c406b81f55fc9a8c0c4ac23ecd295c92d0741c66ed60749ca39999c9cbead1bcc7c94cf6e141f2188587389
-
SSDEEP
6144:CbtQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9UpE:CmmCVRtPvq2+d/
Malware Config
Extracted
gozi
Signatures
-
Gozi family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 677f7c42f79a0a58760056529739fdd6_JaffaCakes118
Files
-
677f7c42f79a0a58760056529739fdd6_JaffaCakes118.exe windows:4 windows x86 arch:x86
549845b2dc6a459c1dd65123d0d4898e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersionExA
GetSystemInfo
GetProcAddress
GetModuleHandleA
DeleteFileA
LoadLibraryA
Sleep
CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
GetCurrentDirectoryA
GetStartupInfoA
msvcrt
memcpy
fread
fseek
memset
sprintf
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fopen
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 822B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 416KB - Virtual size: 412KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ