Behavioral task
behavioral1
Sample
JaffaCakes118_15622fff703648c6b515892046f883f4737e55d08e11fec5bbfed084e922ce4c.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_15622fff703648c6b515892046f883f4737e55d08e11fec5bbfed084e922ce4c.dll
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_15622fff703648c6b515892046f883f4737e55d08e11fec5bbfed084e922ce4c
-
Size
56KB
-
MD5
6f72ecaeaf6d8b0a06f0da5ae3754dbe
-
SHA1
42750e04efcfec1868d5d80287d212e7f2a2abb6
-
SHA256
15622fff703648c6b515892046f883f4737e55d08e11fec5bbfed084e922ce4c
-
SHA512
0c9c3c62d630bad4a3245b9e6b30133b6b78f8b0faa3d611ea4ce912d126f380bfbfc0149bdb6d79580acccd12980076165c7b4cc0787816cba2908b8124c3e7
-
SSDEEP
768:AWoCPLUiJVkvxey5eb8EvnVBosnO1T2VOYcV0HRoJvv5E:AWoM//t2eblt6T2VOcihv
Malware Config
Extracted
gozi
Extracted
gozi
7625
sistemliner.top
linkspremium.ru
premiumlists.ru
-
base_path
/drew/
-
build
250225
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Signatures
-
Gozi family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_15622fff703648c6b515892046f883f4737e55d08e11fec5bbfed084e922ce4c
Files
-
JaffaCakes118_15622fff703648c6b515892046f883f4737e55d08e11fec5bbfed084e922ce4c.dll windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 604B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 1024B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 28KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ