gozi_ifsb | 07658c673d6fef7c467c279eaacb5387b991cbdf82f0b5695a8d9117102db3fb_unpacked_dropper

Sharing

Copy URL

Twitter E-mail

General

Target

07658c673d6fef7c467c279eaacb5387b991cbdf82f0b5695a8d9117102db3fb_unpacked_dropper
Size

399KB
MD5

a40bc8de4c87cd920a6a0ca32300e4fb
SHA1

92f51cf843867c9b4ce05b3e517537d8f21aac0a
SHA256

cf9d3d714e709f5190756b93414e3b7b1a3935dc17ae0178d777f924566401cd
SHA512

31a18f6b17e80447b49a8d62bf298a0953998fc733e7a17c9b1ad0a15bbcf888708627931d884f25743eb020a67ac440d79c9774684ba20180172349cdf05a56
SSDEEP

12288:+QhOMUiFC2fNqfPwn6hL4u6GyI82u/BRHg5tKkxDxt:vOMb8210Yn6ku6fYgBJFkxDx

Score

10^/10

gozi_ifsb

Malware Config

Signatures

Gozi_ifsb family
gozi_ifsb

Files

07658c673d6fef7c467c279eaacb5387b991cbdf82f0b5695a8d9117102db3fb_unpacked_dropper
.exe windows x86

b00917cbf2be38ec59d3c2e605728c21

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwOpenProcessToken
mbstowcs
memcpy
memset
ZwClose
ZwOpenProcess
ZwQueryInformationToken
NtQuerySystemInformation
RtlNtStatusToDosError
ZwQueryInformationProcess
RtlFreeUnicodeString
NtMapViewOfSection
NtUnmapViewOfSection
NtCreateSection
RtlUpcaseUnicodeString
RtlUnwind
_aulldiv
NtQueryVirtualMemory

shlwapi

PathCombineW
StrChrA
StrRChrA
PathFindExtensionW
PathFindFileNameW
StrStrIA
StrTrimW
StrChrW
PathFindFileNameA
PathFindExtensionA

setupapi

SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

kernel32

SetEvent
GetTickCount
Sleep
HeapFree
GetExitCodeProcess
CreateProcessA
lstrlenW
GetLastError
GetProcAddress
ResetEvent
LoadLibraryA
lstrcmpiW
lstrcatW
DeleteFileW
CreateWaitableTimerA
SetFileAttributesW
SetWaitableTimer
HeapAlloc
GetModuleHandleA
HeapCreate
HeapDestroy
GetCommandLineW
ExitProcess
CloseHandle
ReadFile
GetSystemTimeAsFileTime
WaitForSingleObject
CreateFileA
CreateEventA
GetVersion
SuspendThread
VirtualProtectEx
lstrcmpA
GetTempPathA
GetTempFileNameA
CreateDirectoryA
GetFileSize
FreeLibrary
lstrcpynA
QueryPerformanceFrequency
GetModuleFileNameA
lstrcmpiA
SetLastError
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcess
InitializeCriticalSection
TerminateThread
GetVersionExW
LeaveCriticalSection
VirtualAlloc
EnterCriticalSection
IsWow64Process
GetCurrentThreadId
GetCurrentProcessId
ResumeThread
CreateThread
VirtualFree
OpenProcess
GetLongPathNameW
lstrlenA
lstrcatA
DeviceIoControl
lstrcpyA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
LocalFree
SetEndOfFile
CompareFileTime
CreateDirectoryW
WriteFile
CreateFileW
FlushFileBuffers
FindFirstFileA
FindClose
FindNextFileA
GetFileTime
lstrcpyW
SetFilePointer

user32

DispatchMessageW
DefWindowProcW
EndMenu
SendMessageW
GetClassWord
SetWindowsHookExW
CreateWindowExW
AppendMenuA
CreatePopupMenu
SetClassLongW
TrackPopupMenuEx
SetWinEventHook
RegisterClassExW
TranslateMessage
CallNextHookEx
PostMessageW
GetMessageW
DestroyWindow
wsprintfA
wsprintfW
GetCursorInfo

advapi32

OpenProcessToken
RegDeleteValueW
RegEnumKeyExA
RegOpenKeyW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegSetValueExW
RegOpenKeyA
RegCreateKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegOpenKeyExA
RegQueryValueExW
RegSetValueExA
RegQueryValueExA

shell32

ShellExecuteExW
ord92
ShellExecuteW

ole32

CoUninitialize
CoInitializeEx

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 366KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b00917cbf2be38ec59d3c2e605728c21

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

setupapi

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 3KB

.bss Size: 2KB - Virtual size: 1KB

.rsrc Size: 366KB - Virtual size: 368KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 3KB

.bss
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 366KB - Virtual size: 368KB