gozi_ifsb | a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c

General

Target

a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c
Size

42KB
MD5

cdf3bdc294b699f25b8d6ff8c1a2171e
SHA1

bd28cb6aa90934cbaf6fd52c68271c4f4fffbb60
SHA256

a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c
SHA512

2056e26fa5a4cb6325f6d06ac4ad00289ad7d97610621369fea194a7ba204489120b319a8dac04f1c7674a75758d8076e4b42308aa9c5c5153e4a200d72a86ee
SSDEEP

768:mIVWaRYvSzL7+S3V8F4bAxwzwbiX/b67rTVH8Rq7E1/VsO2Dna7K/UI:mIMaTCSF8Fkwwun5Hu/iza7qT

Score

10^/10

8899 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8899

C2

microsoft.com/windowsdisabler

https://technoshoper.com

https://avolebukoneh.website

http://technoshoper.com

http://avolebukoneh.website

Attributes

base_path
/glik/
build
260216
dga_season
10
exe_type
loader
extension
.lwe
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c
.dll regsvr32 windows x86

7810ad7e9f1684556ca41a69627e4ce9

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_snwprintf
memset
memcpy
NtQuerySystemInformation
_aulldiv
RtlUnwind
NtQueryVirtualMemory

kernel32

SetThreadAffinityMask
CloseHandle
HeapAlloc
SetThreadPriority
Sleep
ExitThread
lstrlenW
GetLastError
GetExitCodeThread
HeapCreate
HeapDestroy
GetCurrentThread
SleepEx
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
HeapFree
GetModuleFileNameW
SetLastError
GetModuleHandleA
VirtualProtect
OpenProcess
CreateEventA
GetLongPathNameW
GetVersion
GetCurrentProcessId
TerminateThread
QueueUserAPC
CreateThread
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc
MapViewOfFile
GetSystemTimeAsFileTime
CreateFileMappingW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

7810ad7e9f1684556ca41a69627e4ce9

Code Sign

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 604B

.bss Size: 1024B - Virtual size: 732B

.reloc Size: 33KB - Virtual size: 36KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 604B

.bss
Size: 1024B - Virtual size: 732B

.reloc
Size: 33KB - Virtual size: 36KB