gozi_ifsb | 0d6014f1d2487230c3bb38f31d2742577f84fd2f2e0d97be5fb9cf28b7ab6de9_unpacked_x64

Sharing

Copy URL

Twitter E-mail

General

Target

0d6014f1d2487230c3bb38f31d2742577f84fd2f2e0d97be5fb9cf28b7ab6de9_unpacked_x64
Size

61KB
MD5

3d9c14da641e84cff4d9cffd8330537e
SHA1

24573ffeee7a7ee39699cb4f16316446425df43b
SHA256

10efad7959482d08892d7e72acc341f5970c04dc5504d2fd48d02b5a0290fb1b
SHA512

2cc5e82fda3cbfde6f1dd7fc37765759ea2e1e403580cbcec7d59815eace718b7b6c55c4635c5c6c70d402423ca38e13f3c3ea34b9b71fba3ebe49ae26be8c99
SSDEEP

1536:Ar1AFUn6gevPncssmevqrHEZFose6N9w2rL:AJAFUn6gIpepFose6N9w

Score

10^/10

1091 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1091

pop.project-ip.co.uk

Attributes

exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

0d6014f1d2487230c3bb38f31d2742577f84fd2f2e0d97be5fb9cf28b7ab6de9_unpacked_x64
.dll windows x64

b809abc415765e3973a9871c56f92b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapAlloc
HeapFree
HeapDestroy
HeapCreate
SetEvent
GetTickCount
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualQuery
OpenProcess
WaitForMultipleObjects
SetWaitableTimer
GetLastError
lstrcatW
CloseHandle
CreateWaitableTimerA
SleepEx
LocalAlloc
GetProcAddress
FreeLibrary
LoadLibraryA
RaiseException
GetVersionExW
TerminateThread
CreateThread
ResumeThread
GetCurrentThreadId
GetTempPathA
GetTempFileNameA
CreateDirectoryA
GetFileSize
VirtualAlloc
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
lstrcpyA
lstrcatA
lstrlenA
InitializeCriticalSection
Sleep
GetComputerNameW
ResetEvent
CreateEventA
GetVersion
GetCurrentProcessId
lstrcpynA
ExpandEnvironmentStringsW
lstrlenW
ExpandEnvironmentStringsA
CreateFileW
WriteFile
SetEndOfFile
FindNextFileA
lstrcmpiW
FlushFileBuffers
CompareFileTime
FindFirstFileA
GetFileTime
CreateDirectoryW
FindClose
CreateFileA
lstrcpyW
WaitForSingleObject
QueryPerformanceFrequency
ReadFile
QueryPerformanceCounter

ntdll

ZwQueryInformationProcess
ZwOpenProcess
ZwOpenProcessToken
ZwQueryInformationToken
ZwClose
mbstowcs
_snprintf
memset
strcpy
sprintf
memcpy
__C_specific_handler
__chkstk

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

b809abc415765e3973a9871c56f92b76

Headers

File Characteristics

Imports

kernel32

ntdll

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 1KB - Virtual size: 1KB

.bss Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 4KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 1KB - Virtual size: 1KB

.bss
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 4KB