gozi | 677f7c42f79a0a58760056529739fdd6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

677f7c42f79a0a58760056529739fdd6_JaffaCakes118
Size

452KB
MD5

677f7c42f79a0a58760056529739fdd6
SHA1

c05b90eb5caf8c2dca610b6f7253fe58b5c4a6a3
SHA256

07c7d7e3f4da80983f09256241d8cc0b3f986f31ef65af2fa87b03c11cdebb65
SHA512

0e8e3b4042af7eddbc51a0f1552c504a08880f554c406b81f55fc9a8c0c4ac23ecd295c92d0741c66ed60749ca39999c9cbead1bcc7c94cf6e141f2188587389
SSDEEP

6144:CbtQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9UpE:CmmCVRtPvq2+d/

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
677f7c42f79a0a58760056529739fdd6_JaffaCakes118

Files

677f7c42f79a0a58760056529739fdd6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

549845b2dc6a459c1dd65123d0d4898e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetSystemInfo
GetProcAddress
GetModuleHandleA
DeleteFileA
LoadLibraryA
Sleep
CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
GetCurrentDirectoryA
GetStartupInfoA

msvcrt

memcpy
fread
fseek
memset
sprintf
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fopen

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 416KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ