gozi_ifsb | 0d6014f1d2487230c3bb38f31d2742577f84fd2f2e0d97be5fb9cf28b7ab6de9_unpacked

General

Target

0d6014f1d2487230c3bb38f31d2742577f84fd2f2e0d97be5fb9cf28b7ab6de9_unpacked
Size

50KB
MD5

48c862de90f908af7040248fcfb59b1e
SHA1

cece2de01c06efcf1c3e8524cad3dbcbab7e102d
SHA256

519bb9a2fef0ef4ec71449960dc44c80bf91745263d61ab72c2bf8ae0c732048
SHA512

7622816c0048d2e152d06c2094cfc306ed03369d7967875d723c47de68e6b0f0c0957d3197c3575ea5dcbe283a68f80c5cfd7dd8eaa951a6041835974a82a7cb
SSDEEP

1536:jiOtW7hqlalXHQc1cWIyHGyzVR7fsMH57k/q:OOtW7hqlalXnuyHl7fV57k

Score

10^/10

1091 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1091

C2

pop.project-ip.co.uk

Attributes

exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

0d6014f1d2487230c3bb38f31d2742577f84fd2f2e0d97be5fb9cf28b7ab6de9_unpacked
.dll windows x86

8f04b2a4b397f8115ddeb5445e696d0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
HeapDestroy
HeapCreate
SetEvent
OpenFileMappingA
SleepEx
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
VirtualQuery
OpenProcess
lstrcatW
GetLastError
SetWaitableTimer
CloseHandle
CreateWaitableTimerA
LocalAlloc
GetProcAddress
FreeLibrary
InterlockedExchange
LoadLibraryA
RaiseException
CreateThread
ResumeThread
GetCurrentProcess
GetCurrentThreadId
GetVersionExW
TerminateThread
IsWow64Process
CreateDirectoryA
GetTempPathA
GetFileSize
GetTempFileNameA
Sleep
LeaveCriticalSection
lstrlenA
lstrcpyA
lstrcatA
EnterCriticalSection
InitializeCriticalSection
GetComputerNameW
CreateEventA
ResetEvent
GetVersion
GetCurrentProcessId
lstrcpynA
lstrlenW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FindClose
WriteFile
CreateFileA
FindNextFileA
lstrcmpiW
SetEndOfFile
CreateFileW
GetFileTime
CompareFileTime
lstrcpyW
CreateDirectoryW
FlushFileBuffers
FindFirstFileA
ReadFile
QueryPerformanceCounter
GetModuleHandleA
QueryPerformanceFrequency
WaitForSingleObject
VirtualAlloc

ntdll

ZwQueryInformationToken
ZwOpenProcessToken
ZwOpenProcess
ZwClose
ZwQueryInformationProcess
mbstowcs
_snprintf
strcpy
memset
sprintf
memcpy
_aulldiv
_allmul
RtlUnwind
NtQueryVirtualMemory

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

8f04b2a4b397f8115ddeb5445e696d0c

Headers

File Characteristics

Imports

kernel32

ntdll

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 2KB

.bss Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 2KB

.bss
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB