gozi | ea5763987fabc764b98bb6bdf9556e18_JaffaCakes118 | Triage

Sharing

General

Target

ea5763987fabc764b98bb6bdf9556e18_JaffaCakes118
Size

844KB
MD5

ea5763987fabc764b98bb6bdf9556e18
SHA1

a33a9088661fa3d2c2d88c2aa6a2a59fc6ef3304
SHA256

4078c6bf8644f0e32508fb401f0520133d40f9a34bfcc3cefac1b1067d129895
SHA512

c6b5b1e158dba7ca8ffc760197e1c1e78d1e6756f9dec8c19a6936dd7f128ea0da98ff90d132263642010ae002bfc8f26da4f01d9f5e3654120b0d29271959ac
SSDEEP

12288:2N/ude1Bomlsbe0oNDtIzdJ5Y8LVKqezA+hWvn4usfpnMWacJLc8X+pd167QhEUk:Zd6WmynoNDtIhJfwqh+hu4fxM8E6Eh

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea5763987fabc764b98bb6bdf9556e18_JaffaCakes118

Files

ea5763987fabc764b98bb6bdf9556e18_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e05506fe2472e19761ad1ffb6222076f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
GetLastError
GetModuleHandleA
LoadLibraryA
GetProcAddress
Sleep
FreeLibrary
ExitProcess
RtlZeroMemory
RtlMoveMemory
CreateFileA
WriteFile
CloseHandle
TerminateThread
TerminateProcess
GetSystemDirectoryA
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
FlushFileBuffers

user32

DialogBoxParamA
LoadIconA
SendMessageA
SetDlgItemTextA
EndDialog
GetClassNameA
GetWindowThreadProcessId
ShowWindowAsync

comctl32

InitCommonControls

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 714KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ