gozi | bfa457a3e1e7b2777e4025ae59a226bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bfa457a3e1e7b2777e4025ae59a226bd_JaffaCakes118
Size

195KB
MD5

bfa457a3e1e7b2777e4025ae59a226bd
SHA1

d86e366ee832f436a8f634efca2a4e49ef03a803
SHA256

76cc8625e5fd011876aabe5a4a53d0b10dc3a77222731c373037b5e3e100600c
SHA512

d5f95ca358065fc5ff6f8f018b2366d3131efdd935e49f797a8b547e406b5092e4b6eeea06632833ae2abca1f6f13c3dc335ba89420ebaf174647455874fbc48
SSDEEP

3072:zxU8b6gWTPAhJXaDSfoaohyAL9hSogeNSl30pGo2Gs26ouzPLiY:zxU8+gCAhJXYza0yAL+oTNS825zPLiY

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Attributes

build
214864

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfa457a3e1e7b2777e4025ae59a226bd_JaffaCakes118

Files

bfa457a3e1e7b2777e4025ae59a226bd_JaffaCakes118
.dll windows:4 windows x64 arch:x64

907907e4c4a869e23c0d754b285dc52c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

ZwOpenProcessToken
ZwQueryInformationToken
strcpy
NtQuerySystemInformation
ZwQueryInformationProcess
NtMapViewOfSection
NtUnmapViewOfSection
ZwClose
RtlNtStatusToDosError
NtCreateSection
memcpy
ZwOpenProcess
_strupr
_wcsupr
_snprintf
memset
wcscpy
RtlFreeUnicodeString
RtlUpcaseUnicodeString
ZwQueryKey
wcstombs
RtlImageNtHeader
mbstowcs
RtlAdjustPrivilege
sprintf
__C_specific_handler
__chkstk

kernel32

GetDriveTypeW
lstrcmpiW
ResetEvent
GetComputerNameW
SetFilePointerEx
QueueUserWorkItem
GetLocalTime
GetModuleFileNameA
VirtualFree
HeapAlloc
CreateDirectoryA
GetLastError
HeapFree
RemoveDirectoryA
CloseHandle
LoadLibraryA
CreateFileA
DeleteFileA
lstrcpyA
lstrlenA
lstrcatA
WriteFile
HeapReAlloc
GetTickCount
HeapDestroy
HeapCreate
SetEvent
CreateFileW
GetCurrentThreadId
DuplicateHandle
Sleep
CopyFileW
GetCurrentThread
lstrlenW
SetWaitableTimer
GetSystemTimeAsFileTime
CreateEventA
GetWindowsDirectoryA
DeleteFileW
GetTempPathA
SuspendThread
ResumeThread
CreateDirectoryW
lstrcpyW
GetModuleHandleA
OpenProcess
CreateThread
SwitchToThread
lstrcatW
SetLastError
WaitForMultipleObjects
lstrcmpiA
WaitForSingleObject
lstrcmpA
CreateMutexA
OpenWaitableTimerA
OpenMutexA
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
GetVersionExA
CreateWaitableTimerA
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
LoadLibraryExW
TlsSetValue
VirtualAlloc
UnregisterWait
VirtualProtect
RegisterWaitForSingleObject
TlsAlloc
TlsGetValue
GetProcAddress
GetLogicalDriveStringsW
OpenFileMappingA
GetExitCodeProcess
LocalFree
CreateProcessA
GetFileSize
CreateFileMappingA
GetModuleFileNameW
WideCharToMultiByte
lstrcpynA
GlobalLock
GlobalUnlock
Thread32First
CreateToolhelp32Snapshot
QueueUserAPC
OpenThread
Thread32Next
GetOverlappedResult
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CallNamedPipeA
CreateNamedPipeA
GetSystemTime
WaitNamedPipeA
ReadFile
ConnectNamedPipe
AddVectoredExceptionHandler
SleepEx
OpenEventA
RemoveVectoredExceptionHandler
LocalAlloc
FreeLibrary
RaiseException
GetCurrentProcessId
GetVersion
DeleteCriticalSection
SetFilePointer
RemoveDirectoryW
FindFirstFileW
GetFileAttributesW
ExpandEnvironmentStringsW
FindClose
GetTempFileNameA
FindNextFileW
SetEndOfFile
VirtualProtectEx

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

907907e4c4a869e23c0d754b285dc52c

Headers

File Characteristics

Imports

ntdll

kernel32

oleaut32

Sections

.text Size: 154KB - Virtual size: 154KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

.bss Size: 6KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 154KB - Virtual size: 154KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

.bss
Size: 6KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 4KB