gozi | 8dc61b737990385473dca9bfc826727b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8dc61b737990385473dca9bfc826727b_JaffaCakes118
Size

148KB
MD5

8dc61b737990385473dca9bfc826727b
SHA1

0ceac550f0da7d4b395dae4a707fe0adbc7d9c42
SHA256

be4fb3149fde2a18c68a3bb85084fff9212c5a717f89e4ed300929a4e2eb301d
SHA512

f3fcf78271018df56d425b5cf2fbb5002f1cf7769bdc7be6172939c9e6fd0dd1c90d7313d885df76a7c4b93ce8aa4c252f8864fb74f71d74d42ee928c3ea9560
SSDEEP

1536:fjLkLxke+a6vLZqyMe6Gfo84U0taH3DfBTF7kK3RmkdumKlJ4j0wExDKgf:mxka6gGfoucaH3VBmkduXla+Z/

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8dc61b737990385473dca9bfc826727b_JaffaCakes118

Files

8dc61b737990385473dca9bfc826727b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a6d43befbca4679e8bfdb8759237996

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
SetFileAttributesA
CloseHandle
WriteFile
GetModuleFileNameA
CreateFileA
GetTempPathA
GetShortPathNameA
MultiByteToWideChar
Sleep
WritePrivateProfileStringA
FindNextFileA
FindFirstFileA
GetStartupInfoA
GetModuleHandleA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoInitialize
CoCreateInstance
CoUninitialize

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

msvcrt

_XcptFilter
_controlfp
_except_handler3
__set_app_type
strlen
memcpy
fread
fseek
memset
fopen
sprintf
__dllonexit
_onexit
_exit
_stricmp
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

0a6d43befbca4679e8bfdb8759237996

Headers

File Characteristics

Imports

kernel32

shell32

ole32

msvcp60

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 120KB - Virtual size: 117KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 120KB - Virtual size: 117KB

.rsrc
Size: 16KB - Virtual size: 14KB