gozi_ifsb | 056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5

Sharing

Copy URL

Twitter E-mail

General

Target

056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5
Size

350KB
MD5

3f65f241981377c60c4f96e43f2925c3
SHA1

6f11358676bc96c1062858739904f955996906f4
SHA256

056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5
SHA512

a02f051946afddd0034db22539f73d5639a8e57f0c5c19fa355f1e198691f83fc7df95c208c4330838a84265b5aaba6eac72f698e6307455d8561f621b6d005d
SSDEEP

6144:n5gNwmDoctwXekY4no0zbbRzpBwmZm+72dCMKB7QNk3VcXaO:kknXekNoYJzLids7Ak3VEN

Score

10^/10

1000 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1000

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5
.exe windows x86

97e7dbe1f62d5f3ed19071d3a69aff1c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwQueryInformationProcess
ZwOpenProcessToken
memset
NtQueryVirtualMemory
RtlUnwind
NtQuerySystemInformation
RtlNtStatusToDosError
ZwOpenProcess
memcpy
ZwQueryInformationToken
ZwClose
mbstowcs
NtMapViewOfSection
NtCreateSection
NtUnmapViewOfSection
RtlFreeUnicodeString
RtlUpcaseUnicodeString

shlwapi

StrStrIA
StrChrA
StrChrW
PathFindExtensionA
PathCombineW
StrTrimW
PathFindExtensionW
StrRChrA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

kernel32

SetFileAttributesW
SetEvent
lstrcpyA
Sleep
lstrlenW
SetEndOfFile
CreateEventA
FlushFileBuffers
FindNextFileA
FindFirstFileA
GetLastError
lstrcmpiW
HeapAlloc
GetCommandLineW
GetProcAddress
SetWaitableTimer
lstrcatW
GetFileTime
FindClose
CompareFileTime
WriteFile
CreateProcessA
ResetEvent
HeapFree
DeleteFileW
CreateWaitableTimerA
CreateFileW
CreateDirectoryW
lstrcatA
lstrcpyW
VirtualProtectEx
ResumeThread
SuspendThread
lstrcmpA
GetTempPathA
ExitProcess
GetModuleHandleA
HeapCreate
HeapDestroy
CloseHandle
GetSystemTimeAsFileTime
CreateFileA
ReadFile
WaitForSingleObject
SetFilePointer
lstrlenA
GetTickCount
OpenProcess
GetFileSize
GetTempFileNameA
CreateDirectoryA
lstrcpynA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
LocalFree
GetVersion
GetLongPathNameW
CreateRemoteThread
VirtualAlloc
lstrcmpiA
GetModuleFileNameA
GetCurrentProcessId
SetLastError
VirtualFree
GetModuleFileNameW

user32

FindWindowA
wsprintfW
wsprintfA
GetCursorInfo

advapi32

RegEnumKeyExA
RegOpenKeyW
RegDeleteValueW
AllocateAndInitializeSid
SetEntriesInAclA
LookupPrivilegeValueA
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorA
FreeSid
SetSecurityInfo
RegQueryValueExW
GetSidSubAuthority
GetSidSubAuthorityCount
RegQueryValueExA
OpenProcessToken
RegSetValueExA
RegOpenKeyA
RegCreateKeyA
GetTokenInformation
RegSetValueExW
RegCloseKey
SetNamedSecurityInfoA
GetSecurityInfo
RegOpenKeyExA

shell32

ord92
ShellExecuteExW
ShellExecuteW

ole32

CoUninitialize
CoInitializeEx

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

97e7dbe1f62d5f3ed19071d3a69aff1c

Headers

File Characteristics

Imports

ntdll

shlwapi

setupapi

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 1KB

.bss Size: 2KB - Virtual size: 1KB

.rsrc Size: 324KB - Virtual size: 328KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 1KB

.bss
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 324KB - Virtual size: 328KB