gozi | 01d06f85fce63444c3563fe3bd20c004_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

01d06f85fce63444c3563fe3bd20c004_JaffaCakes118
Size

100KB
MD5

01d06f85fce63444c3563fe3bd20c004
SHA1

c4192f0994d5b9a5efd18e9a697dcf78cc092c0d
SHA256

bd11592557d2dba4e2cc5cdfdbc61cba64735ae01050db58557e2281389512a0
SHA512

0846b6e70c32fa21bae9f8eb05cd4d1dadb8f806baafeb27a19ea2ce44ec2d3cc3184925628ca4132a2e83e6c5f914db72c84cf71fbf448997d84bc69a553e1a
SSDEEP

1536:ugResSzjBEY7AmycmyTOOiq7NPsS5A9M3jj+kEPDKgf:t3S/CY7GQT9iqx0XYg7/

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

01d06f85fce63444c3563fe3bd20c004_JaffaCakes118

resource
01d06f85fce63444c3563fe3bd20c004_JaffaCakes118

Files

01d06f85fce63444c3563fe3bd20c004_JaffaCakes118
.exe windows:4 windows x86 arch:x86

50e6fc47ed7035c50cdc64d2fc36643f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetProcAddress
LoadLibraryA
SetFileAttributesA
CloseHandle
WriteFile
GetModuleFileNameA
CreateFileA
CreateDirectoryA
GetFileAttributesA
GetShortPathNameA
MultiByteToWideChar
WritePrivateProfileStringA
FindNextFileA
FindFirstFileA
GetStartupInfoA
GetModuleHandleA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoInitialize
CoCreateInstance
CoUninitialize

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

msvcrt

_XcptFilter
_controlfp
_except_handler3
__set_app_type
strlen
memcpy
fread
fseek
memset
fopen
sprintf
__dllonexit
_onexit
_exit
_stricmp
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

50e6fc47ed7035c50cdc64d2fc36643f

Headers

File Characteristics

Imports

kernel32

shell32

ole32

msvcp60

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 72KB - Virtual size: 72KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 16KB - Virtual size: 14KB