gozi | def612ad0554006378f185d3b56efb57_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

def612ad0554006378f185d3b56efb57_JaffaCakes118
Size

148KB
MD5

def612ad0554006378f185d3b56efb57
SHA1

b27ea28e772fbc6b7f80b75b2ba6d32b39d6f256
SHA256

219423a32336987838bea44a471fe02700e2e74ba4c98ebb41512b7bc15e0c32
SHA512

5ebc664726aad811d6f91de8c7d355b312799e39e69af5218de0eda7d6696c5f1c025737c87c7bda0b22883425fd808770592c9bd7a3f39e759c5dbc46f14f9e
SSDEEP

1536:OjLzLxke+a6vLZqyMe6Gfo84U0taH3DfBTF7kK3RmkdumKlT4j0wEwVAcEDKgf:oxka6gGfoucaH3VBmkduXl8+wVAcw/

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
def612ad0554006378f185d3b56efb57_JaffaCakes118

Files

def612ad0554006378f185d3b56efb57_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a6d43befbca4679e8bfdb8759237996

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
SetFileAttributesA
CloseHandle
WriteFile
GetModuleFileNameA
CreateFileA
GetTempPathA
GetShortPathNameA
MultiByteToWideChar
Sleep
WritePrivateProfileStringA
FindNextFileA
FindFirstFileA
GetStartupInfoA
GetModuleHandleA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoInitialize
CoCreateInstance
CoUninitialize

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

msvcrt

_XcptFilter
_controlfp
_except_handler3
__set_app_type
strlen
memcpy
fread
fseek
memset
fopen
sprintf
__dllonexit
_onexit
_exit
_stricmp
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

0a6d43befbca4679e8bfdb8759237996

Headers

File Characteristics

Imports

kernel32

shell32

ole32

msvcp60

msvcrt

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 120KB - Virtual size: 120KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 120KB - Virtual size: 120KB

.rsrc
Size: 16KB - Virtual size: 16KB