Behavioral task behavioral1
Sample: 13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe
Resource: win7-20240611-en

Behavioral task behavioral2
Sample: 13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 13b3cb819b460591c27e133e93fb8661_JaffaCakes118
Size: 224KB
MD5: 13b3cb819b460591c27e133e93fb8661
SHA1: 33157a630a00078ac106f05ebd90feb1e61fb46d
SHA256: 618a75808b11fba4d1501587f2df23c6bf4094a474497a1f15fb85bbdc6cd593
SHA512: d0853c6f3734ccbce7092c233c5ae582aba7ece330459b2a280199e19b7ae10fcd844307a2bb85f81b2b0d46235ca3241286740027cee157deba46b621ac43b4
SSDEEP: 3072:j78yHpYetDrHNsbqrf29rGHWwsMr7w2nu+PpAgxs9D/sv9Z:j78yHp9rQ85RZr0ku+cD/cZ
Malware Config
Extracted: gozi

Signatures
Gozi family
Unsigned PE (1 IoC): checks for a missing Authenticode signature; the sample carries none (no certificate table in its security data directory).
Processes: resource 13b3cb819b460591c27e133e93fb8661_JaffaCakes118
Files
-
13b3cb819b460591c27e133e93fb8661_JaffaCakes118.exe windows:4 windows x86 arch:x86
f153d40aef62119483a98c008e07ee2f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
GetModuleFileNameA
CreateFileA
GetTempPathA
GetShortPathNameA
MultiByteToWideChar
Sleep
lstrlenA
lstrcatA
WritePrivateProfileStringA
FindClose
FindNextFileA
FindFirstFileA
LCMapStringW
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
HeapFree
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetLastError
ReadFile
SetFilePointer
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
FlushFileBuffers
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
GetCPInfo
SetStdHandle
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetEndOfFile
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ole32
CoUninitialize
CoCreateInstance
CoInitialize
Sections
.text: Size 52KB, Virtual size 50KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 8KB, Virtual size 7KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 160KB, Virtual size 167KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
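The "Headers", "Sections" and "Unsigned PE" entries above all come from the PE headers of the file. The following is an added example, not part of the report or the sandbox's own tooling: a standard-library-only parser that pulls out the COFF file characteristics, the per-section flags and the security data directory (the Authenticode certificate table), and reports the file as unsigned when that directory is empty. The PE image it parses is constructed inside the block with the header values the report lists; it is not the analysed sample, and the "signed" variant carries a placeholder blob rather than a real PKCS#7 signature. Note that a present certificate table only means the file claims a signature; validating it (hash, chain, revocation) is a separate step done with WinVerifyTrust or signtool, so this check can only ever flag "unsigned", never "validly signed".

```python
"""Header-level PE triage: file characteristics, section flags and the
Authenticode certificate table. Added example; the image parsed here is
constructed by build_sample_pe(), not the analysed binary."""
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot of the certificate table


def _flags(value, table):
    """Names of the bits set in value, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse DOS, COFF, optional and section headers of a PE32/PE32+ image.
    authenticode_present is True only when the security directory points at
    a non-empty certificate table that lies inside the file."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, directories at +96
        nrva_off, dir_off = 92, 96
    elif magic == 0x20B:    # PE32+: NumberOfRvaAndSizes at +108, directories at +112
        nrva_off, dir_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    cert_off = cert_len = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, this entry holds a raw file offset, not an RVA.
        cert_off, cert_len = struct.unpack_from(
            "<II", data, opt + dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sec_chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": rawsize, "raw_pointer": rawptr,
            "characteristics": _flags(sec_chars, SECTION_CHARACTERISTICS),
        })
    return {
        "machine": machine,
        "file_characteristics": _flags(chars, FILE_CHARACTERISTICS),
        "sections": sections,
        "authenticode_present": cert_len > 0 and cert_off + cert_len <= len(data),
    }


def build_sample_pe(signed=False):
    """Constructed PE32 header skeleton (not the analysed sample) with the
    file characteristics and .text/.rdata/.data flags from the report.
    signed=True appends a placeholder WIN_CERTIFICATE blob and references it."""
    sections = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, flags
        (b".text", 0xC800, 0x1000, 0xD000, 0x400, 0x20 | 0x20000000 | 0x40000000),
        (b".rdata", 0x1C00, 0xE000, 0x2000, 0xD400, 0x40 | 0x40000000),
        (b".data", 0x29C00, 0x10000, 0x28000, 0xF400, 0x40 | 0x40000000 | 0x80000000),
    ]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    sec_hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                        for n, vs, va, rs, rp, ch in sections)
    headers_len = len(dos) + 4 + len(coff) + len(opt) + len(sec_hdrs)
    cert = b""
    if signed:
        body = b"constructed-placeholder-not-a-real-PKCS7-blob"
        # WIN_CERTIFICATE: dwLength (incl. 8-byte header), wRevision 2.0, type PKCS7
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         headers_len, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + sec_hdrs + cert


if __name__ == "__main__":
    for signed in (False, True):
        info = parse_pe(build_sample_pe(signed))
        print("characteristics:", ", ".join(info["file_characteristics"]))
        for s in info["sections"]:
            print("  %-7s raw=%#x virt=%#x %s" % (s["name"], s["raw_size"],
                                                  s["virtual_size"], "|".join(s["characteristics"])))
        print("Authenticode certificate table present:", info["authenticode_present"])
```

Running it on a real file is `parse_pe(open(path, "rb").read())`. The security directory is the one place where the PE format stores a file offset instead of an RVA, which is why the parser does not translate it through the section table; the bounds check against the file length keeps a truncated or tampered table from counting as "signed".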