gozi | fb3495715764cdaa547f2b040c0a9b1f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb3495715764cdaa547f2b040c0a9b1f_JaffaCakes118
Size

100KB
MD5

fb3495715764cdaa547f2b040c0a9b1f
SHA1

8c4ea91e8084dace72a581b7128660e0f07f4235
SHA256

ab1b410897b2d2fc56e7036fc5bc826ce142bffb5fbe18d94c1eac81445ec39e
SHA512

1f536665867953955262d9a3391e5b3daead79e47c7c6166c8baea07c5d3ec37ad09cc5f6a78d94de37cd652a0286de3a4fd0e17d5633a3d2a41c2034d763bf0
SSDEEP

1536:vgResjzjBEY7AmycmyTOOiq7NPsS5AQM3fj+kEPDKgf:Y3j/CY7GQT9iqx0XDg7/

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb3495715764cdaa547f2b040c0a9b1f_JaffaCakes118

Files

fb3495715764cdaa547f2b040c0a9b1f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

50e6fc47ed7035c50cdc64d2fc36643f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetProcAddress
LoadLibraryA
SetFileAttributesA
CloseHandle
WriteFile
GetModuleFileNameA
CreateFileA
CreateDirectoryA
GetFileAttributesA
GetShortPathNameA
MultiByteToWideChar
WritePrivateProfileStringA
FindNextFileA
FindFirstFileA
GetStartupInfoA
GetModuleHandleA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoInitialize
CoCreateInstance
CoUninitialize

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

msvcrt

_XcptFilter
_controlfp
_except_handler3
__set_app_type
strlen
memcpy
fread
fseek
memset
fopen
sprintf
__dllonexit
_onexit
_exit
_stricmp
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

50e6fc47ed7035c50cdc64d2fc36643f

Headers

File Characteristics

Imports

kernel32

shell32

ole32

msvcp60

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 72KB - Virtual size: 72KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 16KB - Virtual size: 14KB