gozi | eefc66a1e978dc9d825f28702106d4d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eefc66a1e978dc9d825f28702106d4d5_JaffaCakes118
Size

148KB
MD5

eefc66a1e978dc9d825f28702106d4d5
SHA1

5af1d77746dffebc865f23f18c6b1a3d9210ff2e
SHA256

6fabbf51a4171a195b9c7cea98902d7b9fc3993aaf44ab6967ba48543b1fd893
SHA512

9bf1481acc5f0046b2f29274fdf96061233e62165f4a0716fe0ade4f33fd9ab41470a9fda0a80db62b82ef60f8ea42b8d6d2acf3339b0bb3f0d0a770bd6b68e6
SSDEEP

1536:ZjLkLxke+a6vLZqyMe6Gfo84U0taH3DfBTF7kK3RmkdumKlJ4j0wExDKgf:wxka6gGfoucaH3VBmkduXla+Z/

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eefc66a1e978dc9d825f28702106d4d5_JaffaCakes118

Files

eefc66a1e978dc9d825f28702106d4d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a6d43befbca4679e8bfdb8759237996

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
SetFileAttributesA
CloseHandle
WriteFile
GetModuleFileNameA
CreateFileA
GetTempPathA
GetShortPathNameA
MultiByteToWideChar
Sleep
WritePrivateProfileStringA
FindNextFileA
FindFirstFileA
GetStartupInfoA
GetModuleHandleA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoInitialize
CoCreateInstance
CoUninitialize

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

msvcrt

_XcptFilter
_controlfp
_except_handler3
__set_app_type
strlen
memcpy
fread
fseek
memset
fopen
sprintf
__dllonexit
_onexit
_exit
_stricmp
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

0a6d43befbca4679e8bfdb8759237996

Headers

File Characteristics

Imports

kernel32

shell32

ole32

msvcp60

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 120KB - Virtual size: 117KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 120KB - Virtual size: 117KB

.rsrc
Size: 16KB - Virtual size: 14KB