gozi_ifsb | 41ff7a77daa0cdcb6e0d2c3c9c2e1e217ed5f291660837940f77965d59b06aa6

Sharing

Copy URL

Twitter E-mail

General

Target

41ff7a77daa0cdcb6e0d2c3c9c2e1e217ed5f291660837940f77965d59b06aa6
Size

223KB
MD5

9e46c465b536cde41ba37d91150f3932
SHA1

7c8c2e9150d63be0c7c2bbb07eb1cb3fb667d91e
SHA256

41ff7a77daa0cdcb6e0d2c3c9c2e1e217ed5f291660837940f77965d59b06aa6
SHA512

04f94a5103c543091b052aebd89e22cd0a46fe3ddcd1abe8748eb465eba08845eb10f069aeec3e748041f8f62add0cfccc66196840aaaf8429466447b60595dc
SSDEEP

6144:TJW2HtbCVumt8ghreR/4ekzaiurrL2vhxoB5GYy:TM21CAmt8ghO/4ekCrv2Zxor

Score

10^/10

2002 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2002

download1.avira.com

jensjen.ws

karakstr.in

vutingerta.cc

lohnessin.to

mamfurtesa.pw

fullbasserts.co

likositenida.tk

rupies100.cn

kikoneen.io

lampenshutze.mn

trumphujtebevrot.bit

Attributes

base_path
/images/
dga_season
10
dns_servers
107.174.86.134
107.175.127.22
exe_type
worker
extension
.avi
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

41ff7a77daa0cdcb6e0d2c3c9c2e1e217ed5f291660837940f77965d59b06aa6
.dll windows x64

090bd3388b9736e486e9e82b7f3b67d0

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

ZwClose
ZwOpenProcess
ZwQueryInformationToken
NtSetInformationProcess
sprintf
ZwOpenProcessToken
strcpy
ZwQueryInformationProcess
RtlNtStatusToDosError
NtQuerySystemInformation
_wcsupr
memmove
wcscpy
_snprintf
mbstowcs
ZwQueryKey
RtlFreeUnicodeString
RtlUpcaseUnicodeString
wcstombs
RtlAdjustPrivilege
memset
_strupr
_snwprintf
memcpy
RtlImageNtHeader
NtQueryInformationThread
__C_specific_handler

kernel32

RegisterWaitForSingleObject
VirtualProtectEx
FileTimeToLocalFileTime
CreateFileMappingW
GetModuleFileNameA
GetModuleFileNameW
QueryPerformanceFrequency
GetLocalTime
FileTimeToSystemTime
GetComputerNameExA
GetComputerNameW
QueryPerformanceCounter
GetTempFileNameA
CreateThread
TerminateThread
GetCurrentProcessId
GetVersion
HeapAlloc
HeapFree
WaitForSingleObject
ExitThread
lstrlenW
GetLastError
ResetEvent
CloseHandle
DeleteFileW
CreateFileA
lstrlenA
WriteFile
lstrcatA
CreateDirectoryA
RemoveDirectoryA
LoadLibraryA
DeleteFileA
lstrcpyA
HeapReAlloc
SetEvent
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
GetFileSize
lstrcmpA
SetWaitableTimer
CreateDirectoryW
GetTickCount
GetCurrentThread
VirtualFree
GetWindowsDirectoryA
GetCommandLineA
InitializeCriticalSection
OpenProcess
Sleep
CopyFileW
CreateEventA
LeaveCriticalSection
TerminateProcess
CreateFileW
VirtualAlloc
EnterCriticalSection
lstrcmpiW
lstrcatW
GetCurrentThreadId
DuplicateHandle
GetTempPathA
SuspendThread
ResumeThread
lstrcpyW
SwitchToThread
MapViewOfFile
UnmapViewOfFile
SetLastError
lstrcmpiA
OpenWaitableTimerA
OpenMutexA
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
CreateWaitableTimerA
UnregisterWait
TlsGetValue
LoadLibraryExW
TlsSetValue
GetVersionExA
VirtualProtect
TlsAlloc
OpenEventA
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
GetProcAddress
GetDriveTypeW
GetLogicalDriveStringsW
WideCharToMultiByte
GetFileAttributesA
GetExitCodeProcess
GetFileAttributesW
CreateProcessA
CreateFileMappingA
OpenFileMappingA
lstrcpynA
GlobalLock
GlobalUnlock
LocalFree
Thread32First
Thread32Next
QueueUserAPC
OpenThread
CreateToolhelp32Snapshot
CallNamedPipeA
WaitNamedPipeA
ConnectNamedPipe
ReadFile
GetOverlappedResult
DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
CancelIo
GetSystemTime
SleepEx
LocalAlloc
FreeLibrary
RaiseException
DeleteCriticalSection
VirtualQuery
ExpandEnvironmentStringsW
FindNextFileW
RemoveDirectoryW
FindClose
SetEndOfFile
SetFilePointer
FindFirstFileW

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

090bd3388b9736e486e9e82b7f3b67d0

Code Sign

Headers

File Characteristics

Imports

ntdll

kernel32

Sections

.text Size: 178KB - Virtual size: 178KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 5KB

.bss Size: 8KB - Virtual size: 8KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 178KB - Virtual size: 178KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 5KB

.bss
Size: 8KB - Virtual size: 8KB

.reloc
Size: 3KB - Virtual size: 4KB