gozi_ifsb | 0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c_unpacked

Sharing

Copy URL

Twitter E-mail

General

Target

0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c_unpacked
Size

130KB
MD5

8116be1f07cc1f0de73734ab2818f2ce
SHA1

5caef3f91cee769ae0da9ac6bf8490ab2818c166
SHA256

18c060619d879aea7d3626644a8a4448ad802f509c26f1ec02837db675c71dc3
SHA512

4ef3e18f0da463756f68d2fbb816511a1ddca7e2272848484483bfebd1dc7de84b38fb0ce3d7e62b0054d9498ec018da84101ed0b38d0a9f45789d439d71cde0
SSDEEP

3072:3MJ5t4SXfWnqEQSy/f2qlaleOMG+tuvdBaUafK/msNXfq:cJrXfWnqd2qlalev5uvdBaUxN

Score

10^/10

1001 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1001

prophosthdor.su/geo_src/outer/mapst

xhroompjsapi.com/geo_src/outer/mapst

paratrenkot.su/geo_src/outer/mapst

Attributes

build
212504
exe_type
worker
server_id
44

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c_unpacked
.dll windows x86

34aa25128dacfdb0312aa6f4a17c2a82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

sprintf
ZwQueryInformationToken
ZwOpenProcess
ZwOpenProcessToken
strcpy
NtGetContextThread
ZwQueryInformationProcess
NtSetContextThread
NtCreateSection
ZwClose
RtlNtStatusToDosError
NtUnmapViewOfSection
NtMapViewOfSection
memcpy
_wcsupr
_strupr
wcscpy
memset
ZwQueryKey
wcstombs
RtlAdjustPrivilege
mbstowcs
_aulldiv
_allmul
_chkstk
RtlUnwind
NtQueryVirtualMemory

kernel32

QueueUserAPC
QueueUserWorkItem
lstrcmpW
GetModuleFileNameA
GetLocalTime
VirtualAllocEx
VirtualAlloc
GetModuleFileNameW
VirtualFree
CreateFileA
lstrlenA
HeapAlloc
HeapFree
WriteFile
lstrcatA
CreateDirectoryA
GetLastError
RemoveDirectoryA
LoadLibraryA
CloseHandle
DeleteFileA
lstrcpyA
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
SetEvent
GetTickCount
HeapDestroy
HeapCreate
SetWaitableTimer
GetCurrentProcess
CreateDirectoryW
GetCurrentThread
GetSystemTimeAsFileTime
GetWindowsDirectoryA
Sleep
CopyFileW
CreateEventA
lstrlenW
InterlockedExchange
GetProcAddress
lstrcatW
GetCurrentThreadId
DeleteFileW
GetTempPathA
SuspendThread
ResumeThread
lstrcpyW
CreateThread
SwitchToThread
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
GetComputerNameW
LeaveCriticalSection
lstrcmpiA
EnterCriticalSection
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
CreateWaitableTimerA
InitializeCriticalSection
UnregisterWait
LoadLibraryExW
SetLastError
RegisterWaitForSingleObject
GetModuleHandleA
GetFileSize
GetDriveTypeW
GetLogicalDriveStringsW
WideCharToMultiByte
GetExitCodeProcess
CreateProcessA
CreateFileW
CreateFileMappingA
OpenFileMappingA
LocalFree
lstrcpynA
GlobalLock
GlobalUnlock
Thread32First
Thread32Next
OpenThread
CreateToolhelp32Snapshot
CallNamedPipeA
WaitNamedPipeA
ConnectNamedPipe
ReadFile
GetOverlappedResult
DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
CancelIo
GetSystemTime
RemoveVectoredExceptionHandler
SleepEx
AddVectoredExceptionHandler
ResetEvent
LocalAlloc
FreeLibrary
RaiseException
GetCurrentProcessId
GetVersion
DeleteCriticalSection
VirtualProtect
lstrcmpA
ExpandEnvironmentStringsW
FindNextFileW
RemoveDirectoryW
FindClose
GetTempFileNameA
GetFileAttributesW
SetEndOfFile
SetFilePointer
FindFirstFileW
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
OpenProcess
CreateRemoteThread
GetThreadContext
SetFilePointerEx

Exports

Exports

CreateProcessNotify

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

34aa25128dacfdb0312aa6f4a17c2a82

Headers

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 3KB - Virtual size: 4KB

.bss Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 12KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 4KB

.bss
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 12KB