Behavioral task
behavioral1
Sample
25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_dump_0x032E0000.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_dump_0x032E0000.dll
Resource
win10v2004-20220901-en
General
-
Target
25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_dump_0x032E0000
-
Size
292KB
-
MD5
e62516c6b9eddf76a31d42ded79fca1b
-
SHA1
fbaa8fbb39d2ffd8d50c53ef5d1ee1a9be1aa2d5
-
SHA256
b94230145638440e89d1bf9e10d3f7dddae17bea673de5cdffd6ff65d38fe669
-
SHA512
ff6b321129b761094a2f955eb81c8b768b472d027d3797123152ee86d2d0b297d3f419de2351e70f3921ffa6d1711bed03bcf09ace4ef9d78831313992e3ff7e
-
SSDEEP
6144:UCGyYNuNF9Sz3QSHFg9O7VTSo5ru4d++Njdqlalwcw9QzgF4:qtkbMbFh52htIjdqglwcw9hq
Malware Config
Extracted
gozi_ifsb
2002
test1.ru
-
dga_base_url
opensource.apple.com/source/Security/Security-29/SecureTransport/LICENSE.txt?txt
-
dga_crc
0x6f0b167a
-
exe_type
worker
-
server_id
12
Signatures
-
Gozi_ifsb family
Files
-
25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_dump_0x032E0000.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 230KB - Virtual size: 230KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 13KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ