gozi | a14f26faa6219d778378f2429f316b86_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a14f26faa6219d778378f2429f316b86_JaffaCakes118
Size

721KB
MD5

a14f26faa6219d778378f2429f316b86
SHA1

5e2b1b421be7de0bc1a0c211362c7a7f967bb8b1
SHA256

2072428bb2f5f6232734c5d666c4a5070e770f4fa7de61efd04c3b51acf48b8b
SHA512

79abb5f8a8d5af3255e43325f8b91e978f3fb9643c499ab67334284bd0751adcefcb5987475a9d74f63f3f676208a40c4533044fc9e6c5054595970429ebb132
SSDEEP

12288:2N/ude1Bomlsbe0oNDtIzdJ5Y8LVKqezA+hWvn4usfpnMWacJLc8X+pd167QhEUk:Zd6WmynoNDtIhJfwqh+hu4fxM8E6Eh

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a14f26faa6219d778378f2429f316b86_JaffaCakes118

Files

a14f26faa6219d778378f2429f316b86_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e05506fe2472e19761ad1ffb6222076f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
GetLastError
GetModuleHandleA
LoadLibraryA
GetProcAddress
Sleep
FreeLibrary
ExitProcess
RtlZeroMemory
RtlMoveMemory
CreateFileA
WriteFile
CloseHandle
TerminateThread
TerminateProcess
GetSystemDirectoryA
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
FlushFileBuffers

user32

DialogBoxParamA
LoadIconA
SendMessageA
SetDlgItemTextA
EndDialog
GetClassNameA
GetWindowThreadProcessId
ShowWindowAsync

comctl32

InitCommonControls

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 714KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ