Behavioral task
behavioral1
Sample
dea0b318ee9e32956ce033f216a072d6112b39dab20c5616d157ce524b38b994.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
dea0b318ee9e32956ce033f216a072d6112b39dab20c5616d157ce524b38b994.dll
Resource
win10v2004-en-20220113
General
Target: dea0b318ee9e32956ce033f216a072d6112b39dab20c5616d157ce524b38b994
Size: 64KB
MD5: d7871e818a404134fcd16f5e976f8fd3
SHA1: 3bba35f05b2077d6fe62950957b00e90ac85359a
SHA256: dea0b318ee9e32956ce033f216a072d6112b39dab20c5616d157ce524b38b994
SHA512: f380a3009123fa979e7847a5c3318454b8fc5de12a7d9a18671cf463b3933000f48332091ca89005018bad460e2200905985655a7622f7542c771858cbd2fadf
SSDEEP: 1536:7WFhQc1KGDehqlalXyr/ZWE+LXUmIfhtv5JW:inRD+qlalir/AXUmIfnRY
Malware Config
Extracted
gozi_ifsb
1100
api10.laptok.at/api1
golang.feel500.at/api1
go.in100k.at/api1
build: 250171
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
exe_type: loader
server_id: 730
Signatures
Gozi_ifsb family
Files
dea0b318ee9e32956ce033f216a072d6112b39dab20c5616d157ce524b38b994.dll windows x86
Code Sign
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 756B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ