gozi_ifsb | d90000[.]dll | Triage

Submit
Reports

Overview

overview

Static

static

d90000.dll

windows7-x64

1

d90000.dll

windows10-2004-x64

1

Sharing

Static task

static1

30000 gozi_ifsb

1 signatures

Behavioral task

behavioral1

Sample

d90000.dll

Resource

win7-20220901-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

d90000.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

d90000.dll
Size

43KB
MD5

eca07d4832195d6205fa8147a754b1c7
SHA1

56ed19c1413e29fdeed4c70ca1c0e1110e303d75
SHA256

bfe5b48438a4c2bedc4f91cf8376a29cdb99cfd14c310cccb94eededa8371ce6
SHA512

505b11ff115d033ea608f35a22eb48ade4fa81eff6435006c90f16c97a4fd02c9d336facd7a8055a34e47a6e3f732236d51e0531e31b140fa932134eaa4e2891
SSDEEP

768:7mQp7q0kzrdzjj+jVmXaKrOXNk4snxuZhTeOx1ZTVQWMyYPEub0c1B:7Np7q0WV+pmKe890QeOxzaWMyYPEu0G

Score

10^/10

30000 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

30000

C2

trackingg-protectioon.cdn1.mozilla.net

185.240.103.79

weiqeqwns.com

wdeiqeqwns.com

weiqeqwens.com

weiqewqwns.com

Attributes

base_path
/uploaded/
build
250239
exe_type
loader
extension
.pct
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

d90000.dll
.dll windows x86

b1e1d582732e4e48ca192109b68c23b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ord2
ord16
ord15
ord6

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy