gozi_rm3 | ec367e5635e82720c82dd9034677d2039c5225f7e90204bde718685c6a69f304 | Triage

Submit
Reports

Overview

overview

Static

static

ec367e5635...04.exe

windows7_x64

1

ec367e5635...04.exe

windows10-2004_x64

8

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

ec367e5635e82720c82dd9034677d2039c5225f7e90204bde718685c6a69f304.exe

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ec367e5635e82720c82dd9034677d2039c5225f7e90204bde718685c6a69f304.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

General

Target

ec367e5635e82720c82dd9034677d2039c5225f7e90204bde718685c6a69f304
Size

132KB
MD5

bdac9fe9afb1674c323add1bbaa75ab9
SHA1

c52dd6892f1dbbfb5b783a683401b78c0e4e2b18
SHA256

ec367e5635e82720c82dd9034677d2039c5225f7e90204bde718685c6a69f304
SHA512

a2adc1b7a9b8b50f4a40129492847ceb7f4ccb5f45a7cea38d710bcde3e9d6cc8b74df684fa7b5a9ddf72b4e1f4c65f91b743028f7c8f0730ed8e210d175fd9c
SSDEEP

1536:6EAF1QmwsPRhb3b8pIfAs7aR0MQuMTt52Pp+x:Tk1Qm/Ae0iLUs

Score

10^/10

gozi_rm3

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300814

Signatures

Gozi_rm3 family
gozi_rm3

Files

ec367e5635e82720c82dd9034677d2039c5225f7e90204bde718685c6a69f304
.exe windows x86

9247d7cdfe272ec9eab8c038027ce17a

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetProcessHeap
GetLastError
GetModuleHandleA
GetTickCount
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleW
LoadLibraryW
GetProcAddress
lstrlenW
lstrlenA
HeapAlloc
HeapFree
WaitForSingleObject
CloseHandle
CreateEventA

ntdll

memcpy
memset
RtlUnwind
NtQueryVirtualMemory

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 706B - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 272B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy