gozi_ifsb | 25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_unpacked_x64

Sharing

Copy URL

Twitter E-mail

General

Target

25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_unpacked_x64
Size

365KB
MD5

7f3bb08e029327bf72614a321d168fc5
SHA1

11318142a225eeb3df6800123318a89128cbd64f
SHA256

315208c0c02409b64d45dbc1e09588e1fda3ff2a0919c118aa927e8168206881
SHA512

06a541ee3e3504300d4448ac9d1ff9086f5bd887df278376d5c518ccf4ab295aa399e16bc984b306e11e55d63ede18860371cd38548512d1f8c2b682db05df4e
SSDEEP

6144:FpCXhArO/UtJ3CAa2oyd8JBglTn3C0nt6e2J62hv4QpoHo0BpqnBVKXClZ5L:FpXrOM/Ha2oyd8YTn3CpP6IgQpoHo0Bk

Score

10^/10

2002 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2002

test1.ru

Attributes

build
216843
dga_base_url
opensource.apple.com/source/Security/Security-29/SecureTransport/LICENSE.txt?txt
dga_crc
0x6f0b167a
exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_unpacked_x64
.dll windows x64

febad635625fa5051db98cca6e832f1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

sscanf
_memicmp
strncpy
memmove
memcmp
RtlRandomEx
ZwQueryInformationToken
ZwOpenProcess
ZwOpenProcessToken
strcpy
ZwQueryInformationProcess
NtResumeProcess
NtQuerySystemInformation
NtSuspendProcess
NtCreateSection
ZwClose
RtlNtStatusToDosError
NtMapViewOfSection
memcpy
_snprintf
_wcsupr
_strupr
wcscpy
memset
ZwQueryKey
RtlFreeUnicodeString
RtlUpcaseUnicodeString
wcstombs
RtlImageNtHeader
RtlAdjustPrivilege
mbstowcs
strstr
isxdigit
NtUnmapViewOfSection
sprintf
__C_specific_handler
__chkstk

kernel32

GetVersionExW
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
TerminateThread
IsBadReadPtr
QueueUserWorkItem
FileTimeToLocalFileTime
SystemTimeToFileTime
GetModuleFileNameA
GetLocalTime
CreateFileA
lstrlenA
HeapAlloc
HeapFree
WriteFile
lstrcatA
CreateDirectoryA
GetLastError
RemoveDirectoryA
LoadLibraryA
CloseHandle
DeleteFileA
lstrcpyA
HeapReAlloc
SetEvent
GetTickCount
HeapDestroy
HeapCreate
SetWaitableTimer
CreateDirectoryW
GetCurrentThread
GetSystemTimeAsFileTime
GetWindowsDirectoryA
OpenProcess
Sleep
CopyFileW
CreateEventA
CreateFileW
lstrlenW
GetModuleHandleA
lstrcatW
GetCurrentThreadId
DuplicateHandle
DeleteFileW
GetTempPathA
SuspendThread
ResumeThread
lstrcpyW
CreateThread
SwitchToThread
lstrcmpA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
LeaveCriticalSection
SetLastError
lstrcmpiA
EnterCriticalSection
OpenWaitableTimerA
OpenMutexA
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
CreateWaitableTimerA
GetSystemTime
GetComputerNameW
UnregisterWait
TlsGetValue
LoadLibraryExW
TlsSetValue
RegisterWaitForSingleObject
TlsAlloc
ExitProcess
GetProcAddress
GetFileSize
GetDriveTypeW
GetLogicalDriveStringsW
WideCharToMultiByte
GetExitCodeProcess
CreateProcessA
CreateFileMappingA
OpenFileMappingA
LocalFree
lstrcpynA
GlobalLock
GlobalUnlock
Thread32First
Thread32Next
QueueUserAPC
OpenThread
CreateToolhelp32Snapshot
WaitNamedPipeA
ConnectNamedPipe
ReadFile
GetOverlappedResult
DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
CancelIo
RemoveVectoredExceptionHandler
SleepEx
AddVectoredExceptionHandler
OpenEventA
LocalAlloc
FreeLibrary
RaiseException
VirtualAlloc
GetModuleFileNameW
FileTimeToSystemTime
VirtualFree
GetCurrentProcessId
GetVersion
DeleteCriticalSection
VirtualProtect
ExpandEnvironmentStringsW
FindNextFileW
RemoveDirectoryW
FindClose
GetTempFileNameA
GetFileAttributesW
SetEndOfFile
SetFilePointer
FindFirstFileW
VirtualProtectEx
ResetEvent
lstrcmpiW
InitializeCriticalSection
CallNamedPipeA

iphlpapi

GetIpAddrTable
GetAdaptersAddresses
GetBestRoute

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

febad635625fa5051db98cca6e832f1d

Headers

File Characteristics

Imports

ntdll

kernel32

iphlpapi

oleaut32

Sections

.text Size: 302KB - Virtual size: 301KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 11KB

.pdata Size: 10KB - Virtual size: 10KB

.bss Size: 6KB - Virtual size: 5KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 302KB - Virtual size: 301KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 11KB

.pdata
Size: 10KB - Virtual size: 10KB

.bss
Size: 6KB - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 4KB