gozi_ifsb | 82f92ef35694c5a0767f069937181bb4d033014491a7a0b63c73396cc0c2277e

General

Target

82f92ef35694c5a0767f069937181bb4d033014491a7a0b63c73396cc0c2277e
Size

56KB
MD5

0ad9430dd3f572de8cd0ca5a8abc37c0
SHA1

fbb27806ed07da6acf8703494acc1da93aac08b9
SHA256

82f92ef35694c5a0767f069937181bb4d033014491a7a0b63c73396cc0c2277e
SHA512

6c6fda252eb50a62c79c73b20daaa13ef77325980eef1971fa7d2b6e0c303eee59346f63908377f3d3d921a8a22682b11016d628d695bb148a7a05109ff4db62
SSDEEP

1536:b+qwRoWyB54fT6CvV/9Yh+T9cb6f1BoF/X:bVwhy4T6C9Vm96fYFv

Score

10^/10

4500 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

4500

C2

authd.feronok.com

raw.pablowilliano.at

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

82f92ef35694c5a0767f069937181bb4d033014491a7a0b63c73396cc0c2277e
.dll regsvr32 windows x86

6645a948149623e814d378b0c62a0e68

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIA

kernel32

SetThreadAffinityMask
HeapAlloc
GetLastError
VerLanguageNameA
Sleep
GetSystemTime
SwitchToThread
HeapFree
SleepEx
GetLocaleInfoA
ExitThread
lstrlenW
GetSystemDefaultUILanguage
WaitForSingleObject
HeapCreate
InterlockedDecrement
HeapDestroy
InterlockedIncrement
CloseHandle
SetThreadPriority
GetCurrentThread
GetExitCodeThread
GetModuleFileNameW
CreateFileMappingW
MapViewOfFile
GetSystemTimeAsFileTime
SetLastError
GetModuleHandleA
VirtualProtect
OpenProcess
GetVersion
GetCurrentProcessId
CreateEventA
GetLongPathNameW
QueueUserAPC
CreateThread
TerminateThread
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc

ntdll

_snwprintf
memcpy
memset
_aulldiv
RtlUnwind
NtQueryVirtualMemory

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

6645a948149623e814d378b0c62a0e68

Code Sign

Headers

File Characteristics

Imports

shlwapi

kernel32

ntdll

advapi32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.bss Size: 4KB - Virtual size: 4KB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.bss
Size: 4KB - Virtual size: 4KB

.reloc
Size: 28KB - Virtual size: 28KB