gozi_ifsb | 1f0000[.]dll | Triage

Submit
Reports

Overview

overview

Static

static

1f0000.dll

windows7-x64

1

1f0000.dll

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Static task

static1

10101 gozi_ifsb

1 signatures

Behavioral task

behavioral1

Sample

1f0000.dll

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f0000.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

1f0000.dll
Size

43KB
MD5

0e7b6545fb55879769205ed817d30641
SHA1

36873e6314a9031a1379630bbc8283724c8cd53a
SHA256

3ba96e7cee31d8dd25283c4edc6cac201c6dd081b779a03222affd4bc4f7f28b
SHA512

b96402754dbe3d0386fed7ed2a68d090d3b458cc75c46c11d903bd21ab1a98e53a9fc9ef0d91f65015cb85f843f75b1991623eefc50b1f19465db587d80b8d7a
SSDEEP

768:xlYhzJ2VQEFfLCUeQCuu6Mf39Y+RMRZOz4jDMQ6lvVp:xlYhzJ2VQEFf/2VYuAZOzYDMQyH

Score

10^/10

10101 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

10101

C2

trackingg-protectioon.cdn1.mozilla.net

185.240.103.79

weiqeqwns.com

wdeiqeqwns.com

weiqeqwens.com

weiqewqwns.com

Attributes

base_path
/uploaded/
build
250240
exe_type
loader
extension
.pct
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

1f0000.dll
.dll windows x86

b1e1d582732e4e48ca192109b68c23b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ord2
ord16
ord15
ord6

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy