gozi_ifsb | 056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5_unpacked
Size

252KB
MD5

d99789bc4f6d3ffa201d6ea46a20966a
SHA1

05ab1c70cd0ff6adcf7a2f6198aa546a2e2d1a2f
SHA256

9302114a292d350c4b14f27d8b5b3c89f42c922b6ae99fa62ef6006092e1937d
SHA512

bee09209a2c9a723d14a96999ef8d481b28117c7f64fad627abb3ff710678ba1d0f2c89d2d47958b95512570d85c0efbbef5e8240a5218f37150c1650926dace
SSDEEP

6144:5CIBILZgwtxqlal2qG1C5mIaISMFZim9PS8dggzLh7Kg0vn8tT:iLZgwtxqgl2dfISMFn9J7h7qvy

Score

10^/10

1000 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1000

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5_unpacked
.dll windows x86

43370804c1d067b6f206e310c28cc0df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

sscanf
strncpy
memmove
memcmp
NtUnmapViewOfSection
NtCreateSection
NtMapViewOfSection
RtlRandomEx
ZwQueryInformationToken
ZwOpenProcessToken
ZwOpenProcess
ZwClose
ZwQueryInformationProcess
RtlNtStatusToDosError
memcpy
_wcsupr
_strupr
wcscpy
memset
ZwQueryKey
RtlFreeUnicodeString
RtlUpcaseUnicodeString
sprintf
_snprintf
wcstombs
strcpy
RtlImageNtHeader
mbstowcs
RtlAdjustPrivilege
strstr
isxdigit
_memicmp
NtQuerySystemInformation
_allmul
_aulldiv
_allshl
_chkstk
_alldiv
RtlUnwind
NtQueryVirtualMemory

kernel32

IsBadReadPtr
QueueUserWorkItem
FileTimeToLocalFileTime
VirtualProtectEx
lstrcmpiW
GetModuleFileNameW
FileTimeToSystemTime
GetModuleFileNameA
CreateRemoteThread
GetLocalTime
VirtualFree
WriteFile
CreateDirectoryA
CloseHandle
GetLastError
HeapAlloc
RemoveDirectoryA
DeleteFileA
HeapFree
lstrcpyA
LoadLibraryA
CreateFileA
lstrcatA
lstrlenA
GetTickCount
InterlockedIncrement
InterlockedDecrement
HeapDestroy
HeapCreate
SetEvent
HeapReAlloc
CreateEventA
SuspendThread
ResumeThread
GetSystemTimeAsFileTime
lstrcpyW
InterlockedExchange
GetWindowsDirectoryA
CreateThread
SwitchToThread
CreateDirectoryW
lstrcatW
GetCurrentThreadId
CreateFileW
Sleep
DeleteFileW
CopyFileW
lstrlenW
GetTempPathA
SetWaitableTimer
GetCurrentThread
lstrcmpA
WaitForMultipleObjects
lstrcmpiA
LeaveCriticalSection
MapViewOfFile
EnterCriticalSection
UnmapViewOfFile
CreateMutexA
OpenWaitableTimerA
OpenMutexA
ReleaseMutex
TerminateThread
WaitForSingleObject
GetComputerNameW
SetLastError
InitializeCriticalSection
LoadLibraryExW
GetModuleHandleA
VirtualAlloc
VirtualProtect
UnregisterWait
RegisterWaitForSingleObject
GetProcAddress
CreateFileMappingA
CreateProcessA
GetFileSize
GetDriveTypeW
OpenFileMappingA
WideCharToMultiByte
LocalFree
GetLogicalDriveStringsW
GetExitCodeProcess
lstrcpynA
TlsSetValue
TlsAlloc
TlsGetValue
GlobalLock
GlobalUnlock
QueueUserAPC
Thread32First
Thread32Next
CreateToolhelp32Snapshot
ConnectNamedPipe
GetOverlappedResult
DisconnectNamedPipe
GetSystemTime
FlushFileBuffers
CreateNamedPipeA
CallNamedPipeA
WaitNamedPipeA
ReadFile
CancelIo
AddVectoredExceptionHandler
OpenEventA
SleepEx
RemoveVectoredExceptionHandler
ResetEvent
LocalAlloc
FreeLibrary
RaiseException
OpenProcess
GetCurrentProcessId
GetVersion
DeleteCriticalSection
FindClose
GetTempFileNameA
SetEndOfFile
ExpandEnvironmentStringsW
SetFilePointer
FindFirstFileW
GetFileAttributesW
FindNextFileW
RemoveDirectoryW
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
CreateWaitableTimerA
OpenThread

iphlpapi

GetAdaptersAddresses
GetIpAddrTable
GetBestRoute

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

43370804c1d067b6f206e310c28cc0df

Headers

File Characteristics

Imports

ntdll

kernel32

iphlpapi

oleaut32

Sections

.text Size: 212KB - Virtual size: 212KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 5KB

.bss Size: 6KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 16KB

.text
Size: 212KB - Virtual size: 212KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 5KB

.bss
Size: 6KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 16KB