gozi_ifsb | 8ecbae4985b7df072bd6df4b60f194fdcabd92bb336e11f8ca40987a5a81b1e3

Sharing

Copy URL

Twitter E-mail

General

Target

8ecbae4985b7df072bd6df4b60f194fdcabd92bb336e11f8ca40987a5a81b1e3
Size

240KB
MD5

4167ba311c381dbda9f12c274b81e782
SHA1

7feb73ac6aeef592a01039131a13bfa73fbba412
SHA256

8ecbae4985b7df072bd6df4b60f194fdcabd92bb336e11f8ca40987a5a81b1e3
SHA512

bd7ce739ead9aeb4c0c24a84ee39fcaefdf7e5f69b98b781bf61d332dc7a3ac002426c9512ded770a71ccf7572dc5227e1a04a61139661bb4fe98caf03b8caad
SSDEEP

6144:h2yfji0Fu6oZMXe67BzvVLe+q+WXHWMbTcQM:hvFu6gwN7BzvVe5/XHWMbPM

Score

10^/10

1500 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

todo.faroin.at

apr.intoolkom.at

app3.crasa.at

r23cirt55ysvtdvl.onion

kas.kargoapp.at

io.feen007.at

gtk.uploner.at

l46t3vgvmtx5wxe6.onion

api2.biborexa.com

free.monotreener.com

xhr.vionedino.com

cdn8.novand.at

tb.yapker.at

Attributes

exe_type
worker
server_id
580

rsa_pubkey.plain

aes.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

8ecbae4985b7df072bd6df4b60f194fdcabd92bb336e11f8ca40987a5a81b1e3
.dll windows x64

561babba107cc2296485d4ba59217cf8

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

strcpy
NtSetInformationProcess
sprintf
ZwClose
ZwQueryInformationToken
ZwOpenProcess
NtQuerySystemInformation
RtlNtStatusToDosError
ZwQueryInformationProcess
RtlImageNtHeader
_wcsupr
memmove
mbstowcs
wcscpy
_snprintf
RtlUpcaseUnicodeString
RtlFreeUnicodeString
ZwQueryKey
wcstombs
memcpy
memset
RtlAdjustPrivilege
_snwprintf
_strupr
NtQueryInformationThread
ZwOpenProcessToken
__C_specific_handler
__chkstk
OpenEventA
VirtualProtectEx
CreateFileMappingW
GetModuleFileNameA
GetModuleFileNameW
TerminateThread
CreateThread
GetCurrentProcessId
GetVersion
GetLocalTime
GetComputerNameW
QueryPerformanceFrequency
QueryPerformanceCounter
IsWow64Process
HeapAlloc
HeapFree
CreateDirectoryA
GetLastError
RemoveDirectoryA
CloseHandle
LoadLibraryA
CreateFileA
DeleteFileA
lstrcpyA
lstrlenA
WriteFile
lstrcatA
HeapDestroy
HeapCreate
SetEvent
HeapReAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
ExitThread
SetWaitableTimer
OpenProcess
GetCurrentThreadId
GetFileSize
DuplicateHandle
GetTickCount
GetCurrentThread
lstrcmpA
Sleep
CopyFileW
CreateFileW
DeleteFileW
GetWindowsDirectoryA
EnterCriticalSection
GetTempPathA
CreateDirectoryW
ExitProcess
CreateEventA
GetCommandLineA
lstrcmpiW
SuspendThread
ResumeThread
WaitForSingleObject
lstrcpyW
LeaveCriticalSection
lstrlenW
lstrcatW
InitializeCriticalSection
SwitchToThread
SetLastError
lstrcmpiA
WaitForMultipleObjects
MapViewOfFile
ResetEvent
UnmapViewOfFile
OpenWaitableTimerA
CreateMutexA
OpenMutexA
ReleaseMutex
CreateWaitableTimerA
UnregisterWait
VirtualAlloc
VirtualProtect
TlsGetValue
RegisterWaitForSingleObject
TlsAlloc
LoadLibraryExW
TlsSetValue
TerminateProcess
GetTempFileNameA
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
VirtualFree
GetProcAddress
GetDriveTypeW
WideCharToMultiByte
GetLogicalDriveStringsW
OpenFileMappingA
GetExitCodeProcess
LocalFree
CreateProcessA
CreateFileMappingA
lstrcpynA
Thread32Next
Thread32First
CreateToolhelp32Snapshot
QueueUserAPC
OpenThread
DisconnectNamedPipe
FlushFileBuffers
CallNamedPipeA
CreateNamedPipeA
GetSystemTime
WaitNamedPipeA
ReadFile
ConnectNamedPipe
GetOverlappedResult
CancelIo
SleepEx
LocalAlloc
FreeLibrary
RaiseException
VirtualQuery
DeleteCriticalSection
ExpandEnvironmentStringsW
SetEndOfFile
SetFilePointer
RemoveDirectoryW
SetFilePointerEx
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
GetVersionExA

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

561babba107cc2296485d4ba59217cf8

Code Sign

Headers

File Characteristics

Imports

Sections

.text Size: 189KB - Virtual size: 189KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 6KB

.bss Size: 8KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 189KB - Virtual size: 189KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 8KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 4KB