gozi_ifsb | 2013911086eeba13ee90a57d81a27fabdab52e9896f0ec55e7b9aec0528c57b7_unpacked_dropper

Sharing

Copy URL Twitter E-mail

General

Target

2013911086eeba13ee90a57d81a27fabdab52e9896f0ec55e7b9aec0528c57b7_unpacked_dropper
Size

224KB
MD5

857393661f86202aadfb0d5e19af0c85
SHA1

08bb167b99733fec1fd607d63f5d90f3bf9cf9d1
SHA256

ec6563b8981501166aa3c48deb04cac7b0d132516e815861e678ded08b84c9ff
SHA512

ca283f0c220efb4bef0be2b7402531439f9f64383c993f8e4d850e7970c9bc3f3bb4dfb96d329c140c943d71a0b684359ee68c4ede095f0ee1161dcc38166f75
SSDEEP

6144:6Z7f0MP8cSznUA1/PBJpJYlIVdFvMDp7AVqxknh:T4LSHZ7ndtPwxWh

Score

10^/10

gozi_ifsb

Malware Config

Signatures

Gozi_ifsb family
gozi_ifsb

Files

2013911086eeba13ee90a57d81a27fabdab52e9896f0ec55e7b9aec0528c57b7_unpacked_dropper
.exe windows x86

9f3c02bcb189ca10f2ebc109767e694f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwQueryInformationProcess
NtQuerySystemInformation
RtlNtStatusToDosError
NtCreateSection
memset
NtMapViewOfSection
NtUnmapViewOfSection
memcpy
ZwOpenProcessToken
ZwClose
ZwQueryInformationToken
ZwOpenProcess
RtlUpcaseUnicodeString
mbstowcs
RtlFreeUnicodeString
RtlUnwind
NtQueryVirtualMemory

shlwapi

PathFindExtensionW
StrChrA
StrRChrA
PathFindExtensionA
PathCombineW
PathFindFileNameW
StrChrW
StrTrimW
PathFindFileNameA

kernel32

CloseHandle
ResetEvent
LoadLibraryA
CreateWaitableTimerA
GetTickCount
SetFileAttributesW
CreateProcessA
SetEvent
CreateEventA
GetProcAddress
GetLastError
lstrcatW
Sleep
HeapFree
lstrcmpiW
lstrlenW
SetWaitableTimer
HeapAlloc
GetCommandLineW
ExitProcess
GetModuleHandleA
HeapCreate
HeapDestroy
WaitForSingleObject
DeleteFileW
GetLongPathNameW
GetTempFileNameA
CreateDirectoryA
GetTempPathA
GetFileSize
lstrcmpA
lstrcpynA
GetFileTime
FindNextFileA
CompareFileTime
FindClose
FindFirstFileA
OpenProcess
SuspendThread
ResumeThread
VirtualProtectEx
GetVersion
GetCurrentProcessId
LocalFree
CreateFileA
SetLastError
VirtualFree
lstrcmpiA
lstrcpyA
VirtualAlloc
SetFilePointer
lstrlenA
ReadFile
GetModuleFileNameW
CreateFileW
GetModuleFileNameA
lstrcatA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
SetEndOfFile
lstrcpyW
CreateDirectoryW
FlushFileBuffers
WriteFile

user32

wsprintfW
wsprintfA
GetCursorInfo

advapi32

GetTokenInformation
RegEnumKeyExA
RegOpenKeyW
RegDeleteValueW
GetSidSubAuthority
RegQueryValueExA
GetSidSubAuthorityCount
RegOpenKeyA
RegCreateKeyA
RegSetValueExW
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegQueryValueExW
RegOpenKeyExA
OpenProcessToken

shell32

ShellExecuteExW
ord92
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f3c02bcb189ca10f2ebc109767e694f

Headers

File Characteristics

Imports

ntdll

shlwapi

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 1KB

.bss Size: 2KB - Virtual size: 1KB

.rsrc Size: 200KB - Virtual size: 200KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 1KB

.bss
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 200KB - Virtual size: 200KB