gozi_ifsb | 3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked_x64

Sharing

Copy URL

Twitter E-mail

General

Target

3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked_x64
Size

196KB
MD5

f677bb3ee8812c02f64b37624b6e0360
SHA1

10919b983ad9323beb331c94a2f057eaa22107b0
SHA256

713a22d40b69ce759e3860bbdae3ec2ad53a5256c573aace0e6b8d9be06ecf80
SHA512

1fdae1ca1cbf4a97acaa4b995459633668d94604d1e84f33c7ed22aa0a4f9e481586659390c8def65c41f97ddda04765987810a095d4a1cd86246d7c2fcd1e54
SSDEEP

3072:5/5JjVkzCrR73kBTWY32mUcFsE0oDeqFV8g5Du/QC2vd10nnK:5DjuzC173RY3FGoKqFN8/u0n

Score

10^/10

1100 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1100

cyajon.at/krp3cmg

hipohook.cn/krp3cmg

rokolero.at/krp3cmg

arexan.at/krp3cmg

voligon.cn/krp3cmg

qwevigoc.at/krp3cmg

comerail.su/krp3cmg

boombom.at/krp3cmg

xiloker.cn/krp3cmg

xorewopa.at/krp3cmg

goinumder.su/krp3cmg

ribomoon.cn/krp3cmg

ambikooly.at/krp3cmg

therepalon.su/krp3cmg

chikoole.cn/krp3cmg

Attributes

build
214837
exe_type
worker
server_id
110

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked_x64
.dll windows x64

39d0d174d4c81f073ee2fecfff8bdac3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

ZwOpenProcess
ZwOpenProcessToken
strcpy
ZwQueryInformationProcess
NtQuerySystemInformation
NtMapViewOfSection
NtUnmapViewOfSection
ZwClose
RtlNtStatusToDosError
NtCreateSection
memcpy
ZwQueryInformationToken
_strupr
_wcsupr
_snprintf
wcscpy
memset
RtlUpcaseUnicodeString
ZwQueryKey
RtlFreeUnicodeString
wcstombs
RtlImageNtHeader
mbstowcs
RtlAdjustPrivilege
sprintf
__C_specific_handler
__chkstk

kernel32

lstrcpynA
lstrcmpiW
ResetEvent
GetComputerNameW
SetFilePointerEx
QueueUserWorkItem
VirtualFree
GetModuleFileNameW
GetLocalTime
VirtualAlloc
HeapAlloc
CreateDirectoryA
GetLastError
HeapFree
RemoveDirectoryA
CloseHandle
LoadLibraryA
CreateFileA
DeleteFileA
lstrcpyA
lstrlenA
lstrcatA
WriteFile
HeapReAlloc
GetTickCount
HeapDestroy
HeapCreate
SetEvent
GetCurrentThreadId
DuplicateHandle
Sleep
CopyFileW
lstrlenW
GetCurrentThread
SetWaitableTimer
GetSystemTimeAsFileTime
CreateEventA
DeleteFileW
GetWindowsDirectoryA
GetTempPathA
SuspendThread
ResumeThread
lstrcpyW
CreateDirectoryW
GetModuleHandleA
CreateThread
OpenProcess
SwitchToThread
lstrcatW
CreateFileW
WaitForMultipleObjects
SetLastError
lstrcmpiA
WaitForSingleObject
lstrcmpA
CreateMutexA
OpenWaitableTimerA
OpenMutexA
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
GetVersionExA
CreateWaitableTimerA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TlsAlloc
RegisterWaitForSingleObject
TlsGetValue
LoadLibraryExW
TlsSetValue
UnregisterWait
GetProcAddress
GetDriveTypeW
WideCharToMultiByte
GetLogicalDriveStringsW
OpenFileMappingA
GetExitCodeProcess
LocalFree
CreateProcessA
CreateFileMappingA
GetFileSize
Thread32Next
Thread32First
CreateToolhelp32Snapshot
QueueUserAPC
OpenThread
GetSystemTime
WaitNamedPipeA
ReadFile
ConnectNamedPipe
GetOverlappedResult
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CallNamedPipeA
CreateNamedPipeA
AddVectoredExceptionHandler
SleepEx
OpenEventA
RemoveVectoredExceptionHandler
LocalAlloc
FreeLibrary
RaiseException
GetModuleFileNameA
GetCurrentProcessId
GetVersion
DeleteCriticalSection
VirtualProtect
FindClose
GetTempFileNameA
FindNextFileW
SetEndOfFile
SetFilePointer
RemoveDirectoryW
FindFirstFileW
GetFileAttributesW
ExpandEnvironmentStringsW
VirtualProtectEx

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

39d0d174d4c81f073ee2fecfff8bdac3

Headers

File Characteristics

Imports

ntdll

kernel32

oleaut32

Sections

.text Size: 156KB - Virtual size: 156KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 6KB - Virtual size: 6KB

.pdata Size: 5KB - Virtual size: 4KB

.bss Size: 6KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 4KB

.text
Size: 156KB - Virtual size: 156KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

.bss
Size: 6KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 4KB