0e61ecd0aad87a72d36bc10288303292859a800d2237ac9c32755d9e455e87e2_unpacked_x64

Sharing

Copy URL

Twitter E-mail

Reason

config extraction: missing cfgextr callback for rule "Gozi_FJ_loader"

General

Target

0e61ecd0aad87a72d36bc10288303292859a800d2237ac9c32755d9e455e87e2_unpacked_x64
Size

112KB
MD5

1d9eb92dee117a6c39a538b2f2c50daa
SHA1

4310f5f11fb1259a6d50140959538d202d4aeca0
SHA256

deb88e78eb54a0297cd573231a8e0ddfadfced68ba4fbdc3c8ed2e035c52ed30
SHA512

1b80694d44e861e1a2b8ecdae90a7c0dd88d0b38e6155f72e55d14cf1f4ff86c79277104f9ced8714f44dfac66978153a36baf7c23faf5fc1c0b1c846868098c
SSDEEP

3072:ga3CJcJDyt3l2bOlxBuxNtTWNxltoTDP4BtKu9fj1LmbT:gayJcJfOvBuxqNxcTcK7n

Score

N/A

Malware Config

Signatures

Files

0e61ecd0aad87a72d36bc10288303292859a800d2237ac9c32755d9e455e87e2_unpacked_x64
.dll windows x64

f02a11a9b0977c8f6fdefcc1fe9eceea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtSetContextThread
ZwQueryInformationProcess
NtGetContextThread
ZwOpenProcessToken
ZwOpenProcess
ZwQueryInformationToken
sprintf
NtCreateSection
ZwClose
NtUnmapViewOfSection
NtMapViewOfSection
RtlNtStatusToDosError
strstr
_strupr
strcpy
wcstombs
mbstowcs
wcscpy
memcpy
RtlAdjustPrivilege
memset
__C_specific_handler

kernel32

DeleteCriticalSection
VirtualProtect
GetModuleFileNameA
VirtualAllocEx
VirtualAlloc
OpenProcess
CreateRemoteThread
VirtualFree
SetFilePointer
GetVersion
GetComputerNameA
CreateProcessW
ResumeThread
SuspendThread
CreateFileA
lstrlenA
HeapAlloc
HeapFree
WriteFile
lstrcatA
CreateDirectoryA
GetLastError
RemoveDirectoryA
LoadLibraryA
CloseHandle
DeleteFileA
lstrcpyA
HeapReAlloc
SetEvent
GetTickCount
HeapDestroy
HeapCreate
GetCurrentThreadId
CreateDirectoryW
GetWindowsDirectoryA
Sleep
CopyFileW
lstrlenW
GetModuleHandleA
lstrcatW
DeleteFileW
GetTempPathA
MapViewOfFile
UnmapViewOfFile
SetWaitableTimer
GetCurrentProcess
CreateEventA
LeaveCriticalSection
lstrcmpiA
EnterCriticalSection
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
CreateWaitableTimerA
UnregisterWait
LoadLibraryExW
WaitForSingleObject
SetLastError
RegisterWaitForSingleObject
GetFileSize
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
InitializeCriticalSection
GetFileAttributesA
GetFileAttributesW
CreateProcessA
CreateFileW
FindFirstFileA
GetTempFileNameA
FindClose
CreateFileMappingA
FindNextFileA
FindNextFileW
QueueUserWorkItem
OpenFileMappingA
CreateThread
lstrcpynA
lstrcmpA
GlobalLock
GlobalUnlock
Thread32First
Thread32Next
GetProcAddress
QueueUserAPC
OpenThread
CreateToolhelp32Snapshot
CallNamedPipeA
WaitNamedPipeA
ConnectNamedPipe
ReadFile
GetOverlappedResult
DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
CancelIo
GetCurrentProcessId
GetSystemTime
lstrcmpW
SleepEx
ResetEvent
LocalAlloc
LocalFree
FreeLibrary
RaiseException
GetThreadContext
SwitchToThread
ReadProcessMemory
VirtualProtectEx
WriteProcessMemory

Exports

Exports

CreateProcessNotify

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

f02a11a9b0977c8f6fdefcc1fe9eceea

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 82KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 6KB - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 4KB

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 6KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 4KB