gozi_ifsb | a3412d5e4378379ff6c48dc87652e2400b74e72b99bb2fad2498d21e4213010e

General

Target

a3412d5e4378379ff6c48dc87652e2400b74e72b99bb2fad2498d21e4213010e
Size

52KB
MD5

ff93684e156bb2a37e9615f9df7311d9
SHA1

67d862a7b7f4e3cd411dd9becb1d64190d6c5c48
SHA256

a3412d5e4378379ff6c48dc87652e2400b74e72b99bb2fad2498d21e4213010e
SHA512

92b9af32f167fd9fc214a07a7b541c405c8fb0bbe771c485ce45a87b45c6c3c24be401878fe77821ed3afca6ff10c956e9ed36f04342054cd1098aef11485569
SSDEEP

768:5misMvCe86M3n0pgaAIIbNh8dXf1Fojg65eF6N1ew:57scQ0pgaNiL8dXfH6Sc1e

Score

10^/10

1500 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

a3412d5e4378379ff6c48dc87652e2400b74e72b99bb2fad2498d21e4213010e
.dll regsvr32 windows x86

6645a948149623e814d378b0c62a0e68

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIA

kernel32

SetThreadAffinityMask
HeapAlloc
GetLastError
VerLanguageNameA
Sleep
GetSystemTime
SwitchToThread
HeapFree
SleepEx
GetLocaleInfoA
ExitThread
lstrlenW
GetSystemDefaultUILanguage
WaitForSingleObject
HeapCreate
InterlockedDecrement
HeapDestroy
InterlockedIncrement
CloseHandle
SetThreadPriority
GetCurrentThread
GetExitCodeThread
GetModuleFileNameW
CreateFileMappingW
MapViewOfFile
GetSystemTimeAsFileTime
SetLastError
GetModuleHandleA
VirtualProtect
OpenProcess
GetVersion
GetCurrentProcessId
CreateEventA
GetLongPathNameW
QueueUserAPC
CreateThread
TerminateThread
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc

ntdll

_snwprintf
memcpy
memset
_aulldiv
RtlUnwind
NtQueryVirtualMemory

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

6645a948149623e814d378b0c62a0e68

Code Sign

Headers

File Characteristics

Imports

shlwapi

kernel32

ntdll

advapi32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.bss Size: 4KB - Virtual size: 4KB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.bss
Size: 4KB - Virtual size: 4KB

.reloc
Size: 28KB - Virtual size: 28KB