gozi_rm3 | bda6349366f68a2dd2d368f402f72a647ece657391d278e95765d68aeb880dff | Triage

Submit
Reports

Overview

overview

Static

static

bda6349366...ff.exe

windows7_x64

1

bda6349366...ff.exe

windows10-2004_x64

8

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

bda6349366f68a2dd2d368f402f72a647ece657391d278e95765d68aeb880dff.exe

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bda6349366f68a2dd2d368f402f72a647ece657391d278e95765d68aeb880dff.exe

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

General

Target

bda6349366f68a2dd2d368f402f72a647ece657391d278e95765d68aeb880dff
Size

42KB
MD5

dc8883b0750da241b57e04517787a3c6
SHA1

3a13f537e5c9e57757efdf1e14cb8f0e47a84d2d
SHA256

bda6349366f68a2dd2d368f402f72a647ece657391d278e95765d68aeb880dff
SHA512

3f3f481473af75d04593c40ebc15855d42961e066842267ec20761f1aee5aa9ead74bcb59a8076c6e25d666d160fc5ec870f4e0c0af1b9a159f4b0017c4feb3b
SSDEEP

768:+x2CiBUcAFoRLy6DDx+FGp8qNawS9Fsay1aBgDPdJWmemuxig7qu:+xvWAily6DDxpGBy1a+lkmedxr7q

Score

10^/10

gozi_rm3

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300826

Signatures

Gozi_rm3 family
gozi_rm3

Files

bda6349366f68a2dd2d368f402f72a647ece657391d278e95765d68aeb880dff
.exe windows x86

40dd7ead9af3f3a42b2902c9596e64b9

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCurrentThread
GetProcessHeap
GetModuleHandleA
WaitForSingleObject
VirtualProtect
VirtualFree
GetLastError
VirtualAlloc
GetModuleHandleW
LoadLibraryW
GetProcAddress
lstrlenW
lstrlen
HeapAlloc
HeapFree
CloseHandle
CreateEventA

ntdll

memcpy
memset
RtlUnwind
NtQueryVirtualMemory

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 710B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy