gozi_ifsb | 0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c_unpacked_x64

Sharing

Copy URL

Twitter E-mail

General

Target

0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c_unpacked_x64
Size

165KB
MD5

aa81719e70b312681c258cd18540b974
SHA1

5547e6f23a9a848b434c5a0b5e0bf1d81fd94a6b
SHA256

4febb4c594048b1ec2c8cf59711bf727d89bbfdc41e63c80adb12a2ab8aece76
SHA512

97e39be324a1331200890c3255397229481d49243cdf9bed2deab9fabd5d82fbeac932abbdd63cb21d99f85d1622173557a5605f65524952a1edd63237522112
SSDEEP

3072:JAZD+WSebbdnFcftVL9t1H60KQAuNQ5AN1ozJBV/xMLiCL:JKxSe4ftVL9DDKQcqN1ozNod

Score

10^/10

1001 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1001

prophosthdor.su/geo_src/outer/mapst

xhroompjsapi.com/geo_src/outer/mapst

paratrenkot.su/geo_src/outer/mapst

Attributes

exe_type
worker
server_id
44

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

0a5e359d5f40d0ac9c26e51e73b39b11572cd67ee2719ca855406ad8ed3f270c_unpacked_x64
.dll windows x64

df62283bca44a03919ace510bd7094a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

sprintf
ZwQueryInformationToken
ZwOpenProcess
ZwOpenProcessToken
strcpy
NtGetContextThread
ZwQueryInformationProcess
NtSetContextThread
NtCreateSection
ZwClose
RtlNtStatusToDosError
NtUnmapViewOfSection
NtMapViewOfSection
memcpy
_wcsupr
_strupr
wcscpy
memset
ZwQueryKey
wcstombs
RtlAdjustPrivilege
mbstowcs
__C_specific_handler
__chkstk

kernel32

QueueUserAPC
QueueUserWorkItem
lstrcmpW
GetModuleFileNameA
GetLocalTime
VirtualAllocEx
VirtualAlloc
GetModuleFileNameW
VirtualFree
CreateFileA
lstrlenA
HeapAlloc
HeapFree
WriteFile
lstrcatA
CreateDirectoryA
GetLastError
RemoveDirectoryA
LoadLibraryA
CloseHandle
DeleteFileA
lstrcpyA
HeapReAlloc
SetEvent
GetTickCount
HeapDestroy
HeapCreate
SetWaitableTimer
GetCurrentProcess
CreateDirectoryW
GetCurrentThread
GetSystemTimeAsFileTime
GetWindowsDirectoryA
Sleep
CopyFileW
CreateEventA
lstrlenW
GetProcAddress
lstrcatW
GetCurrentThreadId
DeleteFileW
GetTempPathA
SuspendThread
ResumeThread
lstrcpyW
CreateThread
SwitchToThread
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
GetComputerNameW
LeaveCriticalSection
lstrcmpiA
EnterCriticalSection
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
CreateWaitableTimerA
InitializeCriticalSection
UnregisterWait
LoadLibraryExW
SetLastError
RegisterWaitForSingleObject
GetModuleHandleA
GetFileSize
GetDriveTypeW
GetLogicalDriveStringsW
WideCharToMultiByte
GetExitCodeProcess
CreateProcessA
CreateFileW
CreateFileMappingA
OpenFileMappingA
LocalFree
lstrcpynA
GlobalLock
GlobalUnlock
Thread32First
Thread32Next
OpenThread
CreateToolhelp32Snapshot
CallNamedPipeA
WaitNamedPipeA
ConnectNamedPipe
ReadFile
GetOverlappedResult
DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
CancelIo
GetSystemTime
RemoveVectoredExceptionHandler
SleepEx
AddVectoredExceptionHandler
ResetEvent
LocalAlloc
FreeLibrary
RaiseException
GetCurrentProcessId
GetVersion
DeleteCriticalSection
VirtualProtect
lstrcmpA
ExpandEnvironmentStringsW
FindNextFileW
RemoveDirectoryW
FindClose
GetTempFileNameA
GetFileAttributesW
SetEndOfFile
SetFilePointer
FindFirstFileW
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
OpenProcess
CreateRemoteThread
GetThreadContext
SetFilePointerEx

Exports

Exports

CreateProcessNotify

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

df62283bca44a03919ace510bd7094a0

Headers

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 5KB - Virtual size: 6KB

.pdata Size: 4KB - Virtual size: 4KB

.bss Size: 4KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 4KB

.bss
Size: 4KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB