gozi_rm3 | 480aba7d97bba56f63f87f3b1a3d7c4d717ac8fbe635b1b63d74df6485201f36 | Triage

Submit
Reports

Overview

overview

Static

static

480aba7d97...36.dll

windows7_x64

1

480aba7d97...36.dll

windows10-2004_x64

1

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

480aba7d97bba56f63f87f3b1a3d7c4d717ac8fbe635b1b63d74df6485201f36.dll

Resource

win7-20220311-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

480aba7d97bba56f63f87f3b1a3d7c4d717ac8fbe635b1b63d74df6485201f36.dll

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

General

Target

480aba7d97bba56f63f87f3b1a3d7c4d717ac8fbe635b1b63d74df6485201f36
Size

68KB
MD5

0ed8dd2b31e36aa885b6b73fce19b030
SHA1

5a6b583b38bc199fe4347f21f7a470cb8ccc0788
SHA256

480aba7d97bba56f63f87f3b1a3d7c4d717ac8fbe635b1b63d74df6485201f36
SHA512

7081e8141feaba43d6f556356329cdd126f5f557755eb85c870471c63f7565172b3505fc1d54b6ff470b1433d9f589e52271e5f5f2f566bb5db05b2e7219370b

Score

10^/10

gozi_rm3

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300932

Signatures

Gozi_rm3 family
gozi_rm3

Files

480aba7d97bba56f63f87f3b1a3d7c4d717ac8fbe635b1b63d74df6485201f36
.dll regsvr32 windows x86

460b6e103fecb9de6ab42a22892e1ba7

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetLastError
SetLastError
GetProcAddress
HeapCreate
VirtualProtect
GetCurrentThreadId
CloseHandle
CreateThread
HeapDestroy
Sleep
GetModuleHandleA
WaitForSingleObject
GetModuleHandleW
LoadLibraryW
VirtualFree
VirtualAlloc
CreateEventA
lstrlenA
HeapAlloc
HeapFree
lstrlenW

ntdll

memcmp
memset
memcpy
RtlUnwind
NtQueryVirtualMemory

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy