gozi_ifsb | 07658c673d6fef7c467c279eaacb5387b991cbdf82f0b5695a8d9117102db3fb_unpacked_x64

Sharing

Copy URL

Twitter E-mail

General

Target

07658c673d6fef7c467c279eaacb5387b991cbdf82f0b5695a8d9117102db3fb_unpacked_x64
Size

373KB
MD5

11f5141faed4c8994321675b4058b02d
SHA1

bd80bc130969148288c784b8e42e623baf189686
SHA256

83dcc311540f19447378f60f85632b582b87c2ebc418d7fd1089230de201c408
SHA512

83ef17f10a014f6935e791e93672e46880615217c1b95ab1733bd00f26d7affcb9000c321d7061e187435a77f1cf73c530d98327b8e7f0a77912fd003ecb3b51
SSDEEP

6144:gEYeRMfxZX6++fT2tGtTvC9qV0Lf7O6IXo1isLOHYr5bH/:gEnMfxZX6+8SWTvCoQjGoQsCHYrZ

Score

10^/10

gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
216861

Signatures

Gozi_ifsb family
gozi_ifsb

Files

07658c673d6fef7c467c279eaacb5387b991cbdf82f0b5695a8d9117102db3fb_unpacked_x64
.dll windows x64

63a479526e221fb78fdaa477861e11b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

sscanf
_memicmp
strncpy
memmove
memcmp
RtlRandomEx
ZwQueryInformationToken
ZwOpenProcess
ZwOpenProcessToken
strcpy
ZwQueryInformationProcess
NtResumeProcess
NtQuerySystemInformation
NtSuspendProcess
NtCreateSection
ZwClose
strstr
NtUnmapViewOfSection
NtMapViewOfSection
memcpy
_snprintf
_wcsupr
_strupr
wcscpy
memset
ZwQueryKey
RtlFreeUnicodeString
RtlUpcaseUnicodeString
RtlImageNtHeader
wcstombs
RtlAdjustPrivilege
mbstowcs
isxdigit
sprintf
RtlNtStatusToDosError
wcscat
__C_specific_handler
__chkstk

kernel32

GetVersionExW
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
TerminateThread
IsBadReadPtr
QueueUserWorkItem
FileTimeToLocalFileTime
SystemTimeToFileTime
QueryPerformanceFrequency
GetModuleFileNameA
CreateFileA
lstrlenA
HeapAlloc
HeapFree
WriteFile
lstrcatA
CreateDirectoryA
GetLastError
RemoveDirectoryA
LoadLibraryA
CloseHandle
DeleteFileA
lstrcpyA
HeapReAlloc
SetEvent
GetTickCount
HeapDestroy
HeapCreate
SetWaitableTimer
CreateDirectoryW
GetCurrentThread
GetSystemTimeAsFileTime
GetWindowsDirectoryA
OpenProcess
Sleep
CopyFileW
CreateEventA
CreateFileW
lstrlenW
GetModuleHandleA
lstrcatW
GetCurrentThreadId
DuplicateHandle
DeleteFileW
GetTempPathA
SuspendThread
ResumeThread
lstrcpyW
CreateThread
SwitchToThread
lstrcmpA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
LeaveCriticalSection
SetLastError
lstrcmpiA
EnterCriticalSection
OpenWaitableTimerA
OpenMutexA
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
CreateWaitableTimerA
InitializeCriticalSection
GetComputerNameW
TlsGetValue
LoadLibraryExW
TlsSetValue
RegisterWaitForSingleObject
TlsAlloc
ExitProcess
GetProcAddress
GetFileSize
GetDriveTypeW
GetLogicalDriveStringsW
WideCharToMultiByte
GetExitCodeProcess
CreateProcessA
CreateFileMappingA
OpenFileMappingA
LocalFree
lstrcpynA
GlobalLock
GlobalUnlock
Thread32First
Thread32Next
QueueUserAPC
OpenThread
CreateToolhelp32Snapshot
CallNamedPipeA
WaitNamedPipeA
GetLocalTime
ReadFile
GetOverlappedResult
DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
CancelIo
GetSystemTime
RemoveVectoredExceptionHandler
SleepEx
AddVectoredExceptionHandler
OpenEventA
LocalAlloc
FreeLibrary
RaiseException
VirtualAlloc
GetModuleFileNameW
FileTimeToSystemTime
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetVersion
DeleteCriticalSection
VirtualProtect
ExpandEnvironmentStringsW
FindNextFileW
RemoveDirectoryW
FindClose
GetTempFileNameA
GetFileAttributesW
SetEndOfFile
SetFilePointer
FindFirstFileW
VirtualProtectEx
ResetEvent
lstrcmpiW
UnregisterWait
ConnectNamedPipe

iphlpapi

GetIpAddrTable
GetAdaptersAddresses
GetBestRoute

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

63a479526e221fb78fdaa477861e11b5

Headers

File Characteristics

Imports

ntdll

kernel32

iphlpapi

oleaut32

Sections

.text Size: 309KB - Virtual size: 308KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 12KB

.pdata Size: 10KB - Virtual size: 10KB

.bss Size: 6KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 309KB - Virtual size: 308KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 12KB

.pdata
Size: 10KB - Virtual size: 10KB

.bss
Size: 6KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 4KB