gozi | fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118

General

Target

fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118
Size

224KB
MD5

fad8f37c9bd5420f49cfd5960a60fa24
SHA1

6c97f91f77e44fd7ada5d09e2bed16744a3efcc3
SHA256

b41747714910cee5eb306f61dfa61dd5c3c72450a60fc36280b8d7fd0643b54b
SHA512

e93ead6e855994c1024dba6a259b1630d6d247f639887877b8d47ddf4c7f42809fe903d4f185956f9f8b12b18bcd27d38b1c0c0ca87a4c7fc5d0056b226121a2
SSDEEP

3072:t78yHpYetDrHNsbqrf29rGHWwsMr7w2nu+PpAgxs9D/sv9Z:t78yHp9rQ85RZr0ku+cD/cZ

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118

Files

fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f153d40aef62119483a98c008e07ee2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
GetModuleFileNameA
CreateFileA
GetTempPathA
GetShortPathNameA
MultiByteToWideChar
Sleep
lstrlenA
lstrcatA
WritePrivateProfileStringA
FindClose
FindNextFileA
FindFirstFileA
LCMapStringW
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
HeapFree
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetLastError
ReadFile
SetFilePointer
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
FlushFileBuffers
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
GetCPInfo
SetStdHandle
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetEndOfFile

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

f153d40aef62119483a98c008e07ee2f

Headers

File Characteristics

Imports

kernel32

shell32

ole32

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 160KB - Virtual size: 167KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 160KB - Virtual size: 167KB