gozi_ifsb | 2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked_x64

Sharing

Copy URL

Twitter E-mail

General

Target

2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked_x64
Size

186KB
MD5

b66655073329e82bc7c70dfc3b8d9072
SHA1

7de7bbff2ae7b9e6bfe65546c40ad675a03dd36b
SHA256

642c7b965505ad416589c0ae31ad737b198517e065eb8d9f65073cbcbe40a130
SHA512

d59ccf7106c9c2d73388cf479ed44572c16c128b249783153da5ad9b7446c4bef6d8cb558293a7891443f73e71a169bb385a6ce2a65e216cca8ca94e24ec87ec
SSDEEP

3072:+IrsCMRP7NViyWcrdfcP5hmhLGbHz2k/xetTogGyzTiAh3/aOJVlkJ:+IrN+JViy3dfcuLGbaptTogGutaOFkJ

Score

10^/10

1010 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1010

supportsstats.com/geodata/version/ip2ext

neteworkgroup.com/geodata/version/ip2ext

highnetwork.pw/geodata/version/ip2ext

lostnetwork.in/geodata/version/ip2ext

sysconnections.net/geodata/version/ip2ext

lansupports.com/geodata/version/ip2ext

Attributes

exe_type
worker
server_id
30

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked_x64
.dll windows x64

a2468b6ff47ba1ec2642bfb67bab7edf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtCreateSection
sprintf
ZwQueryInformationToken
ZwOpenProcess
ZwOpenProcessToken
ZwClose
strcpy
RtlNtStatusToDosError
NtGetContextThread
NtSetContextThread
ZwQueryInformationProcess
NtUnmapViewOfSection
memcpy
_strupr
_wcsupr
memset
wcscpy
ZwQueryKey
wcstombs
RtlImageNtHeader
mbstowcs
RtlAdjustPrivilege
NtMapViewOfSection
__C_specific_handler
__chkstk

kernel32

QueueUserAPC
SetFilePointerEx
QueueUserWorkItem
FileTimeToLocalFileTime
VirtualProtectEx
GetThreadContext
GetCurrentProcess
lstrcmpiW
lstrcmpW
GetModuleFileNameA
OpenProcess
lstrcatA
lstrlenA
WriteFile
HeapAlloc
CreateDirectoryA
GetLastError
HeapFree
RemoveDirectoryA
CloseHandle
LoadLibraryA
DeleteFileA
lstrcpyA
CreateFileA
HeapReAlloc
GetTickCount
HeapDestroy
HeapCreate
SetEvent
GetCurrentThreadId
Sleep
CopyFileW
lstrlenW
DeleteFileW
SetWaitableTimer
GetCurrentThread
CreateEventA
GetTempPathA
GetSystemTimeAsFileTime
SuspendThread
GetWindowsDirectoryA
ResumeThread
lstrcpyW
CreateThread
SwitchToThread
CreateDirectoryW
lstrcatW
UnmapViewOfFile
CreateMutexA
ReleaseMutex
CreateWaitableTimerA
WaitForSingleObject
WaitForMultipleObjects
GetComputerNameW
lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
MapViewOfFile
InitializeCriticalSection
LoadLibraryExW
GetModuleHandleA
SetLastError
UnregisterWait
RegisterWaitForSingleObject
GetProcAddress
WideCharToMultiByte
GetLogicalDriveStringsW
OpenFileMappingA
GetExitCodeProcess
LocalFree
CreateProcessA
CreateFileMappingA
GetFileSize
CreateFileW
GetDriveTypeW
lstrcpynA
TlsAlloc
TlsGetValue
TlsSetValue
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
Thread32Next
Thread32First
CreateToolhelp32Snapshot
CreateRemoteThread
OpenThread
WaitNamedPipeA
ReadFile
ConnectNamedPipe
GetOverlappedResult
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CallNamedPipeA
CreateNamedPipeA
GetSystemTime
SleepEx
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
ResetEvent
LocalAlloc
FreeLibrary
RaiseException
VirtualFree
GetModuleFileNameW
FileTimeToSystemTime
WriteProcessMemory
GetLocalTime
VirtualAllocEx
VirtualAlloc
ReadProcessMemory
GetCurrentProcessId
GetVersion
DeleteCriticalSection
lstrcmpA
VirtualProtect
FindNextFileW
SetEndOfFile
SetFilePointer
FindFirstFileW
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
GetTempFileNameA
FindClose

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

Exports

Exports

CreateProcessNotify

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

a2468b6ff47ba1ec2642bfb67bab7edf

Headers

File Characteristics

Imports

ntdll

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 146KB - Virtual size: 145KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

.bss Size: 6KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 4KB

.text
Size: 146KB - Virtual size: 145KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

.bss
Size: 6KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 4KB