gozi_ifsb | 2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked_dropper

Sharing

Copy URL

Twitter E-mail

General

Target

2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked_dropper
Size

210KB
MD5

85805d82dabc0dd52887500bac553b21
SHA1

d2113a557620ab04bc5d70d17196adf4d616fc46
SHA256

6bbc933ec989233a4eebb376bb7589ec5c3c8fd949b7a822fce432313440e886
SHA512

3489b0121df37ff4da162a761de8867bab34cdf5b76a31f2987fc7303e7fa78a74fedc7d2ec780127842b0410ed2e220274164b30b177b302990bdebdac941de
SSDEEP

6144:mqkjiG4DOVwfSqlFR25owgSidd3Xy441GE3UKKz1PFB:hdfDOerzRyo9rnYGKe1PFB

Score

10^/10

1010 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1010

supportsstats.com/geodata/version/ip2ext

neteworkgroup.com/geodata/version/ip2ext

highnetwork.pw/geodata/version/ip2ext

lostnetwork.in/geodata/version/ip2ext

sysconnections.net/geodata/version/ip2ext

lansupports.com/geodata/version/ip2ext

Attributes

exe_type
worker
server_id
30

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked_dropper
.exe windows x86

232b8c9519cf20690b1e45b2f354e3ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtCreateSection
NtMapViewOfSection
NtUnmapViewOfSection
ZwClose
ZwQueryInformationToken
ZwOpenProcessToken
ZwOpenProcess
RtlNtStatusToDosError
memset
NtGetContextThread
NtSetContextThread
ZwQueryInformationProcess
wcstombs
memcpy
RtlUnwind
_strupr
mbstowcs
RtlRandom
NtQueryVirtualMemory

shlwapi

StrStrA
PathFindExtensionA
StrChrA
PathCombineA
StrRChrA

kernel32

ResetEvent
CompareFileTime
GetSystemDirectoryA
HeapFree
CreateFileA
Process32Next
CloseHandle
Process32First
OpenProcess
lstrcatA
CreateWaitableTimerA
GetTempPathA
WaitForSingleObject
SetEvent
Sleep
DeleteFileA
GetFileTime
OpenEventA
lstrlenA
CreateEventA
FindFirstFileA
SuspendThread
GetThreadContext
lstrcmpA
FindClose
CreateToolhelp32Snapshot
TerminateProcess
CreateProcessA
SetFileAttributesA
GetWindowsDirectoryA
SetWaitableTimer
HeapAlloc
GetTickCount
CopyFileA
ExpandEnvironmentStringsW
CreateFileW
FindNextFileA
lstrcmpiA
ExitProcess
GetModuleHandleA
HeapCreate
HeapDestroy
GetCommandLineA
SetFileAttributesW
DeleteFileW
GetLastError
ResumeThread
VirtualProtectEx
GetCurrentProcess
lstrcpyA
SetEndOfFile
GetFileSize
WriteFile
GetTempFileNameA
LocalFree
WriteProcessMemory
GetModuleFileNameW
ReadFile
GetModuleFileNameA
ReadProcessMemory
lstrcmpW
GetVersion
GetCurrentProcessId
lstrlenW
lstrcpynA
GetProcAddress
VirtualAlloc
VirtualFree
CreateRemoteThread
VirtualAllocEx
SetFilePointer

user32

wsprintfA
SystemParametersInfoW
GetShellWindow
GetWindowRect
GetWindowThreadProcessId
GetWindowDC

advapi32

RegOpenKeyA
RegSetValueExA
RegQueryValueExA
OpenProcessToken
GetSidSubAuthorityCount
RegCloseKey
RegEnumKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetTokenInformation
GetSidSubAuthority
RegOpenKeyExA
RegCreateKeyA

shell32

ShellExecuteA
ord92
ShellExecuteExA

ole32

CoInitializeEx
CoUninitialize

gdiplus

GdipSaveImageToFile
GdipGetImageEncodersSize
GdiplusStartup
GdipDisposeImage
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP

gdi32

BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
DeleteDC

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

232b8c9519cf20690b1e45b2f354e3ae

Headers

File Characteristics

Imports

ntdll

shlwapi

kernel32

user32

advapi32

shell32

ole32

gdiplus

gdi32

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 1KB

.bss Size: 1KB - Virtual size: 1KB

.rsrc Size: 184KB - Virtual size: 188KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 1KB

.bss
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 184KB - Virtual size: 188KB