Behavioral task: behavioral1
Sample: d3732cfb3cf320fbafcd332dcf4db90b5d306bf4e16518248a571124599e07cb.dll
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: d3732cfb3cf320fbafcd332dcf4db90b5d306bf4e16518248a571124599e07cb.dll
Resource: win10v2004-en-20220113
General
Target: d3732cfb3cf320fbafcd332dcf4db90b5d306bf4e16518248a571124599e07cb
Size: 42KB
MD5: e925c5008b817fab066c50aad00eadfb
SHA1: 8b160a12a9709770bdea5a527bb7d1f209c26f1a
SHA256: d3732cfb3cf320fbafcd332dcf4db90b5d306bf4e16518248a571124599e07cb
SHA512: 3123db29fbe8a9150aa84a46a9b6cbf7e2dc5e85339facbd5d666ce4cd58e2dea0abf1aff57bd3b3023a210405c17e322e1dfead79da1693e4aec618d6b8e732
SSDEEP: 768:BbbzH0OPsyw2Ujn++vkubHdxDmKC15Ax+VRfRTOAOdcLj/:tRPBun+6nrdxDm1Kx+bfR6AOiLD
Malware Config
Extracted
gozi_ifsb
1500
apt.updateffboruse.com
app.updatebrouser.com
build: 250211
exe_type: loader
server_id: 580
Signatures
Gozi_ifsb family
Files
d3732cfb3cf320fbafcd332dcf4db90b5d306bf4e16518248a571124599e07cb.dll windows x86
5a55101162d5dd43f647d5d0d11f468d
Code Sign
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ord2
ord16
ord15
ord6
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ