gozi_rm3 | 1404-57-0x0000000010000000-0x000000001000F000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

1404-57-0x...ry.dll

windows7_x64

3

1404-57-0x...ry.dll

windows10-2004_x64

3

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

1404-57-0x0000000010000000-0x000000001000F000-memory.dll

Resource

win7-20220310-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1404-57-0x0000000010000000-0x000000001000F000-memory.dll

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

General

Target

1404-57-0x0000000010000000-0x000000001000F000-memory.dmp
Size

60KB
MD5

6f67832392aba998808a19c8091067e9
SHA1

e20c18fb025ed262e19e4d37abc78320c03b3a31
SHA256

69a1681e3f4fb6b83b8e1491252c86a7b88775f913702fff9ad973459eef10f8
SHA512

cd53c502a2fc5d68938ca16f22ab9adefcd9e3496325d8808b17b2a6fde6a6d664352b4d36fa92ab137e7abd3bec8f2d8c322d89382bba6ebba11c6b04be5fc9
SSDEEP

768:TipTW17dBT+U4NejVm86fI+VTCv+PgCX3/h/mFIivEFyFBI7cEYGcw6JZSdm5:THwNI+5tPgCHZ2FyyFIsNJZS0

Score

10^/10

gozi_rm3

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300994

Signatures

Gozi_rm3 family
gozi_rm3

Files

1404-57-0x0000000010000000-0x000000001000F000-memory.dmp
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy