gozi_ifsb | 1f0000[.]dll | Triage

Submit
Reports

Overview

overview

Static

static

1f0000.dll

windows7-x64

1

1f0000.dll

windows10-2004-x64

1

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1f0000.dll

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f0000.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

1f0000.dll
Size

43KB
MD5

c5d5bbe7532ee239898246a31f110224
SHA1

bebf6d50a0ddc048efb4e6da7eb0cf42ff21680f
SHA256

ae6a6bd412bef8f0baeddb6871bf61e0e14c15a29d6947e5dd21a2c8c3c0fd10
SHA512

e6bf38a01af969964091a9a2a2f70fe71deb44842d3e7ed02d99e0a7ed34edaddb8fb8e3789b674741baea39111cc0e13f707ec11cf7a085d1693c93bfc026b5
SSDEEP

768:JibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFDMu+AFWHuA:e7HdgfncFig5sfCQyXz1OTbDMyYHuA

Score

10^/10

5002 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5002

C2

ntp.msn.com

176.10.125.104

bing.com

176.10.118.197

Attributes

base_path
/chupa/
build
250235
exe_type
loader
extension
.upa
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

1f0000.dll
.dll windows x86

b1e1d582732e4e48ca192109b68c23b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ord2
ord16
ord15
ord6

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy