gozi | ea95ba8f4901f76942bf4f3d6741d51c_JaffaCakes118

General

Target

ea95ba8f4901f76942bf4f3d6741d51c_JaffaCakes118
Size

44KB
MD5

ea95ba8f4901f76942bf4f3d6741d51c
SHA1

5562e6fd62d403aa86b0c4ba338f10045765d05d
SHA256

1d6326bb9856509e77e5e562d6e3a67175027d8ae6421ed9fc9958cd995d1bae
SHA512

bfd359f8eeb02f856f16c54f19c248bbfdd16c3b7b810fa9c321d170c97c6a9d00eedc57b783b342d14eeb7be798beabcda1a1bce52e55301e9758a811117d79
SSDEEP

768:5AfL1G0aJa4NqFRmPGCSwlqxge34WaS4s7vSy4Nio6XHtLc++Art:5AfL1Gk4y9CSwkgYGSPGfAowtLcX4t

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Attributes

build
217061

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea95ba8f4901f76942bf4f3d6741d51c_JaffaCakes118

Files

ea95ba8f4901f76942bf4f3d6741d51c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

79a5b24d2efacb791e026c4446afc7b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrRChrA
StrChrA
StrStrIA

kernel32

ExitProcess
GetCommandLineW
HeapDestroy
HeapCreate
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
GetLastError
GetCurrentProcessId
HeapAlloc
lstrcpyW
HeapFree
GetModuleHandleA
GetCurrentThread
MapViewOfFile
lstrlenW
UnmapViewOfFile
GetCurrentThreadId
GetSystemDefaultUILanguage
ReadFile
GetModuleFileNameW
CreateFileMappingW
EnterCriticalSection
LeaveCriticalSection
TlsFree
TlsSetValue
TlsAlloc
InitializeCriticalSection
DeleteCriticalSection
VirtualProtect
TlsGetValue
GetModuleFileNameA
lstrcmpA
GetLocaleInfoA
IsWow64Process
lstrlenA
SetFilePointer
VerLanguageNameA
VirtualAlloc
CreateFileA
OpenProcess
GetProcAddress
CloseHandle
GetVersion
CreateEventA
GetLongPathNameW
SetLastError
VirtualFree
lstrcmpiA

user32

wsprintfW

ntdll

ZwClose
RtlNtStatusToDosError
NtCreateSection
NtMapViewOfSection
NtUnmapViewOfSection
memset
memcpy
RtlUnwind
NtQueryVirtualMemory

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

79a5b24d2efacb791e026c4446afc7b3

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

ntdll

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 1KB

.bss Size: 1024B - Virtual size: 544B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 29KB - Virtual size: 32KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1KB

.bss
Size: 1024B - Virtual size: 544B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 29KB - Virtual size: 32KB