gozi_ifsb | 8a489479c598806582f3186476614362a4b6b61ef8ead38ebb59781a36efef76

General

Target

8a489479c598806582f3186476614362a4b6b61ef8ead38ebb59781a36efef76
Size

38KB
MD5

4a1ab739ba73ebc4c56f255b8d3393ae
SHA1

f5b3844af2bc9bb5584acc86192cf863a51162a1
SHA256

8a489479c598806582f3186476614362a4b6b61ef8ead38ebb59781a36efef76
SHA512

cf7037c0c5d48bdab465dd7be8b635e2d656f409aead1fad9d749190827022cb2f2867ed676c4e21a55125050c291876ecedab7fe2187a2ea737a6a03212ce16
SSDEEP

768:oYkeGUvMIsmmTV6iX/Kkph8lxFE/JvlOIewW1wh:Se/JmIqfp4ExYeW

Score

10^/10

6000 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

6000

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

8a489479c598806582f3186476614362a4b6b61ef8ead38ebb59781a36efef76
.dll regsvr32 windows x86

6645a948149623e814d378b0c62a0e68

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIA

kernel32

SetThreadAffinityMask
HeapAlloc
GetLastError
VerLanguageNameA
Sleep
GetSystemTime
SwitchToThread
HeapFree
SleepEx
GetLocaleInfoA
ExitThread
lstrlenW
GetSystemDefaultUILanguage
WaitForSingleObject
HeapCreate
InterlockedDecrement
HeapDestroy
InterlockedIncrement
CloseHandle
SetThreadPriority
GetCurrentThread
GetExitCodeThread
GetModuleFileNameW
CreateFileMappingW
MapViewOfFile
GetSystemTimeAsFileTime
SetLastError
GetModuleHandleA
VirtualProtect
OpenProcess
GetVersion
GetCurrentProcessId
CreateEventA
GetLongPathNameW
QueueUserAPC
CreateThread
TerminateThread
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc

ntdll

_snwprintf
memcpy
memset
_aulldiv
RtlUnwind
NtQueryVirtualMemory

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

6645a948149623e814d378b0c62a0e68

Code Sign

Headers

File Characteristics

Imports

shlwapi

kernel32

ntdll

advapi32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 604B

.bss Size: 1024B - Virtual size: 620B

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 604B

.bss
Size: 1024B - Virtual size: 620B

.reloc
Size: 28KB - Virtual size: 28KB