gozi_rm3 | a4bbf7654331415c4f7d0306066ececa014a27d706deca83bd7113ad4cd28d2e | Triage

Submit
Reports

Overview

overview

Static

static

a4bbf76543...2e.exe

windows7_x64

a4bbf76543...2e.exe

windows10-2004_x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

a4bbf7654331415c4f7d0306066ececa014a27d706deca83bd7113ad4cd28d2e.exe

Resource

win7-en-20211208

gozi_rm3 202003111 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a4bbf7654331415c4f7d0306066ececa014a27d706deca83bd7113ad4cd28d2e.exe

Resource

win10v2004-en-20220113

gozi_rm3 202003111 banker persistence trojan

windows10-2004_x64

0 signatures

0 seconds

General

Target

a4bbf7654331415c4f7d0306066ececa014a27d706deca83bd7113ad4cd28d2e
Size

291KB
MD5

deacce266c9fe2354585347ae32922cc
SHA1

86d4cc7b5b821806c4ef8c9bec71da293fdfd323
SHA256

a4bbf7654331415c4f7d0306066ececa014a27d706deca83bd7113ad4cd28d2e
SHA512

3ef1793f98cce22d7e3d6743d718a19341b31a0a6d5ee18ebce4efa71f5d5c8c1a036a7e4706a5e9a4688d9abc553262003a1bf385d551ba596d6db917680d31
SSDEEP

1536:FoeqI98pX2SADuJJD9CHTK5UYQRmS6t0F:meqC8JhJBCzKVQR

Score

10^/10

gozi_rm3

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300854

Signatures

Gozi_rm3 family
gozi_rm3

Files

a4bbf7654331415c4f7d0306066ececa014a27d706deca83bd7113ad4cd28d2e
.exe windows x86

c7f457269137f2e5ebe199ab9f32eada

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetCurrentThread
WaitForSingleObject
GetModuleHandleA
ExitProcess
lstrlenW
lstrlenA
HeapAlloc
HeapFree
CreateEventA
GetLastError
CloseHandle
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleW
GetSystemTimeAsFileTime
LoadLibraryW
GetProcAddress

ntdll

memcpy
memset
RtlUnwind
NtQueryVirtualMemory

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy