gozi | fdfa4fdbdf2b9a4aded7f997a8181216_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdfa4fdbdf2b9a4aded7f997a8181216_JaffaCakes118
Size

4.1MB
MD5

fdfa4fdbdf2b9a4aded7f997a8181216
SHA1

9efb866c88ee8af36cd8215ce7da0db6d530d90a
SHA256

770af3dc023a4c310aed475ff5fa720252b901ccdbd20910f5299177adf5333d
SHA512

5c32ed9abba81b2aa6c7dd2302bf8a701b94bae248e23853b4f54ac471e081c10a61f5628b53a87e46ade87f5e44f27b7f7ca62fe837bc3b67a907219e4a4a7c
SSDEEP

49152:dVF13mw4WmqSlI8F1VQLraG1ntc7PSLTUaWIESnqv7sNg8Z:/F13mw428P+K26ETUUESqv7sNg8Z

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdfa4fdbdf2b9a4aded7f997a8181216_JaffaCakes118

Files

fdfa4fdbdf2b9a4aded7f997a8181216_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 56KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xur
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE