Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

JaffaCakes...ac.dll

windows7-x64

3

JaffaCakes...ac.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_c5732f88cfea8fd6d5a376534140a71129213100cdd5706c18e94a8d48ebadac

  • Size

    538KB

  • MD5

    66eb9a55782af246240d338f3f347a24

  • SHA1

    9a6b2c9e57086a9e56ac3c610cf63c917088808b

  • SHA256

    c5732f88cfea8fd6d5a376534140a71129213100cdd5706c18e94a8d48ebadac

  • SHA512

    961cd2260329e6b2f12d70597a8b0c1bd31878f219c5611b7f5c3a9c58524b9c8916cd8ad8b12f2bec1157da9331d404c840fe289c0337b6cd19aa545abc3baa

  • SSDEEP

    1536:W7UcWwDMbboCQc1s4f2qlalXWEj9N75mCFE:faMXoCns4f2qlalVxN75pFE

Score
10/10
isfb7555gozi

Malware Config

Extracted

Family

gozi

Botnet

7555

C2

c.s-microsoft.com

ajax.googleapis.com

greatewallfirewall.xyz

185.186.244.130

booloolo2.com

37.120.222.107
Attributes
  • base_path

    /postfix/

  • build

    251173

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • dns_servers

    107.174.86.134

    107.175.127.22

  • exe_type

    loader

  • extension

    .yml

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi family
    gozi
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_c5732f88cfea8fd6d5a376534140a71129213100cdd5706c18e94a8d48ebadac
    .dll windows:5 windows x86 arch:x86

    8868782589bd3111ef358851558bbf50


    Headers

    Imports

    Sections