gozi | 89bfd463ca76b62c61a548778316567d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89bfd463ca76b62c61a548778316567d_JaffaCakes118
Size

452KB
MD5

89bfd463ca76b62c61a548778316567d
SHA1

c177b6298e37b6f541d748b7e988de5d2b2c95e1
SHA256

c37a1e21303ca855cf27e61c4011405bc5d21d7ce6b9b5d84210374f2b186faf
SHA512

48daf33aa5b6c1bc08591e9145600a8054090c1abbfea5c5bea9d8527de99da8f9f5bff398aee7c3ad299cb59e64de6f60025fde7450ba8a0b3280994663498e
SSDEEP

6144:5btQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9UpE:5mmCVRtPvq2+d/

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89bfd463ca76b62c61a548778316567d_JaffaCakes118

Files

89bfd463ca76b62c61a548778316567d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

549845b2dc6a459c1dd65123d0d4898e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetSystemInfo
GetProcAddress
GetModuleHandleA
DeleteFileA
LoadLibraryA
Sleep
CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
GetCurrentDirectoryA
GetStartupInfoA

msvcrt

memcpy
fread
fseek
memset
sprintf
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fopen

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 416KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ