gozi_ifsb | 10000000[.]dll

General

Target

10000000.dll
Size

39KB
MD5

624c0f25a78a671b38deae200552f636
SHA1

ff124be95fe93183cf7e140139763b2ad2126367
SHA256

ed2335f95a1cb6f627f10be64a260b7f6b07a5d9bd5e061136ea1e5110029b85
SHA512

455001678e7de3196f3af487de56bbfd5ba96af0165bce1a8e42f94cc811ee8c10952422ebd139dbdefe96d6d511fe6aaf99214ee1b919c5d40c3836cd2bdc0c
SSDEEP

768:A2QGmsx3R69vovEyRmq63goMWPXE2bE/JVMq2LATqeeAeOu2D2wqmLiuuyiO:qGBx3R6LAmqlaPGhVMq2LpeReOb2Pmpy

Score

10^/10

3000 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

89.41.26.99

89.45.4.102

interstarts.top

superlist.top

internetcoca.in

Attributes

base_path
/drew/
build
250246
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

10000000.dll
.dll regsvr32 windows x86

3e85858f9f91b022a15a56437fb6f7c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_snwprintf
memset
NtQuerySystemInformation
_aulldiv
RtlUnwind
NtQueryVirtualMemory

kernel32

SetThreadAffinityMask
CloseHandle
GetLocaleInfoA
GetSystemDefaultUILanguage
SetThreadPriority
HeapFree
Sleep
ExitThread
lstrlenW
GetLastError
VerLanguageNameA
GetExitCodeThread
HeapCreate
HeapDestroy
GetCurrentThread
SleepEx
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
HeapAlloc
GetModuleHandleA
GetModuleFileNameW
SetLastError
VirtualProtect
OpenProcess
CreateEventA
GetLongPathNameW
GetVersion
GetCurrentProcessId
TerminateThread
QueueUserAPC
CreateThread
GetProcAddress
LoadLibraryA
MapViewOfFile
GetSystemTimeAsFileTime
CreateFileMappingW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

3e85858f9f91b022a15a56437fb6f7c2

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 604B

.bss Size: 1024B - Virtual size: 732B

.reloc Size: 29KB - Virtual size: 32KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 604B

.bss
Size: 1024B - Virtual size: 732B

.reloc
Size: 29KB - Virtual size: 32KB