gozi_ifsb | 056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5_unpacked_x64

Sharing

Copy URL

Twitter E-mail

General

Target

056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5_unpacked_x64
Size

327KB
MD5

7b454c49a9bdc6795a3abab900cff981
SHA1

fc44fafb8f04311a6bab95c6d4336683621725ff
SHA256

b5c292b6a64336e0ceecafa13687b0e26f287a38b2ff8c67d450fe70a49270c9
SHA512

b1ac662115809a735a0543c65eed24fa9f4d9d52095b4a3ef5538b0a56f9a92911b9992a67386926bf12732d92228f3e4faa1b26149e2e38ed981182bedd90d3
SSDEEP

6144:gTIdP2DZGIA3nDMnVzbhT8GHoU95jsvC39+pyory5hhA:gseZwTMnJ1Ho7C39+pyorcA

Score

10^/10

1000 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1000

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

056c73060f1553f213982a5bfb4d3535ef0594e1fcb70c8a67bc83e6b5d972c5_unpacked_x64
.dll windows x64

1b6c850fa221be7355a06863e61fc7f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

sscanf
_memicmp
strncpy
memmove
memcmp
NtCreateSection
NtMapViewOfSection
NtUnmapViewOfSection
RtlRandomEx
ZwOpenProcessToken
ZwClose
ZwQueryInformationToken
ZwOpenProcess
ZwQueryInformationProcess
NtQuerySystemInformation
RtlNtStatusToDosError
memcpy
_strupr
_wcsupr
wcscpy
memset
RtlFreeUnicodeString
RtlUpcaseUnicodeString
ZwQueryKey
_snprintf
wcstombs
strcpy
sprintf
RtlImageNtHeader
mbstowcs
RtlAdjustPrivilege
strstr
isxdigit
__C_specific_handler
__chkstk

kernel32

IsBadReadPtr
QueueUserWorkItem
FileTimeToLocalFileTime
VirtualProtectEx
lstrcmpiW
CreateRemoteThread
VirtualFree
GetModuleFileNameW
FileTimeToSystemTime
GetLocalTime
VirtualAlloc
CreateDirectoryA
GetLastError
HeapFree
RemoveDirectoryA
CloseHandle
LoadLibraryA
DeleteFileA
CreateFileA
lstrcpyA
lstrcatA
lstrlenA
WriteFile
HeapAlloc
HeapDestroy
HeapCreate
SetEvent
HeapReAlloc
GetTickCount
GetCurrentThreadId
Sleep
CopyFileW
SetWaitableTimer
GetCurrentThread
lstrlenW
GetSystemTimeAsFileTime
CreateEventA
DeleteFileW
GetWindowsDirectoryA
GetTempPathA
SuspendThread
ResumeThread
CreateDirectoryW
lstrcpyW
CreateThread
SwitchToThread
lstrcatW
CreateFileW
ReleaseMutex
WaitForSingleObject
CreateWaitableTimerA
GetComputerNameW
lstrcmpA
LeaveCriticalSection
SetLastError
lstrcmpiA
MapViewOfFile
UnmapViewOfFile
WaitForMultipleObjects
EnterCriticalSection
TerminateThread
CreateMutexA
OpenMutexA
InitializeCriticalSection
GetModuleHandleA
UnregisterWait
RegisterWaitForSingleObject
LoadLibraryExW
GetProcAddress
GetDriveTypeW
WideCharToMultiByte
GetLogicalDriveStringsW
OpenFileMappingA
GetExitCodeProcess
LocalFree
CreateProcessA
CreateFileMappingA
GetFileSize
lstrcpynA
TlsSetValue
TlsAlloc
TlsGetValue
GlobalUnlock
GlobalLock
OpenThread
Thread32Next
Thread32First
GetModuleFileNameA
QueueUserAPC
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CallNamedPipeA
CreateNamedPipeA
GetSystemTime
WaitNamedPipeA
ReadFile
ConnectNamedPipe
GetOverlappedResult
SleepEx
AddVectoredExceptionHandler
OpenEventA
RemoveVectoredExceptionHandler
ResetEvent
LocalAlloc
FreeLibrary
RaiseException
OpenProcess
GetCurrentProcessId
GetVersion
DeleteCriticalSection
VirtualProtect
GetFileAttributesW
ExpandEnvironmentStringsW
FindClose
GetTempFileNameA
FindNextFileW
SetEndOfFile
SetFilePointer
RemoveDirectoryW
FindFirstFileW
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
OpenWaitableTimerA
CreateToolhelp32Snapshot

iphlpapi

GetAdaptersAddresses
GetIpAddrTable
GetBestRoute

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

Sections

.text
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

1b6c850fa221be7355a06863e61fc7f7

Headers

File Characteristics

Imports

ntdll

kernel32

iphlpapi

oleaut32

Sections

.text Size: 272KB - Virtual size: 272KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 7KB - Virtual size: 8KB

.pdata Size: 9KB - Virtual size: 9KB

.bss Size: 6KB - Virtual size: 5KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 272KB - Virtual size: 272KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 7KB - Virtual size: 8KB

.pdata
Size: 9KB - Virtual size: 9KB

.bss
Size: 6KB - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 4KB