gozi_ifsb | 3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked_dropper

Sharing

Copy URL

Twitter E-mail

General

Target

3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked_dropper
Size

220KB
MD5

0face0c11775d4e85db776cca109e169
SHA1

57e887573c54207df8a85efddd80c97b938d989b
SHA256

703683c74b4aa27f3ecb51b3ff9e0bdce9c9b41d33b34c56a7a6c327e1058876
SHA512

336d75b1a77d2e1d299068ed04429fee0bde15ffa85e897f99786fd857744fcf43d79ecb06f0fc5aa3b7d2f6315dfba16010f80fe9f870b9a632710aa2744e75
SSDEEP

6144:kIsWPfT2U1i/UeoVTHopDY3uAYnFMXoDS/Z7vQP:h1aBa8pE3u7FMDZjM

Score

10^/10

1100 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1100

cyajon.at/krp3cmg

hipohook.cn/krp3cmg

rokolero.at/krp3cmg

arexan.at/krp3cmg

voligon.cn/krp3cmg

qwevigoc.at/krp3cmg

comerail.su/krp3cmg

boombom.at/krp3cmg

xiloker.cn/krp3cmg

xorewopa.at/krp3cmg

goinumder.su/krp3cmg

ribomoon.cn/krp3cmg

ambikooly.at/krp3cmg

therepalon.su/krp3cmg

chikoole.cn/krp3cmg

Attributes

build
214837
exe_type
worker
server_id
110

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked_dropper
.exe windows x86

0bb4fad7255bba7ccb23dbc767056f7e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwOpenProcessToken
ZwOpenProcess
RtlNtStatusToDosError
memcpy
memset
NtQuerySystemInformation
ZwQueryInformationProcess
ZwClose
NtUnmapViewOfSection
NtMapViewOfSection
RtlUpcaseUnicodeString
NtCreateSection
mbstowcs
ZwQueryInformationToken
RtlFreeUnicodeString
RtlUnwind
NtQueryVirtualMemory

shlwapi

StrRChrA
PathFindExtensionA
StrChrA
PathFindExtensionW
PathCombineW
PathFindFileNameW
StrChrW
StrTrimW

kernel32

DeleteFileW
CloseHandle
CreateWaitableTimerA
SetFileAttributesW
GetTickCount
SwitchToThread
CreateProcessA
SetEvent
CreateEventA
GetProcAddress
GetLastError
lstrcatW
Sleep
HeapFree
lstrcmpiW
lstrlenW
SetWaitableTimer
HeapAlloc
GetCommandLineW
ExitProcess
GetModuleHandleA
HeapCreate
HeapDestroy
WaitForSingleObject
ResetEvent
GetModuleFileNameW
SuspendThread
VirtualProtectEx
ResumeThread
GetFileSize
GetTempFileNameA
CreateDirectoryA
GetTempPathA
lstrcmpA
lstrcpynA
LocalFree
WriteFile
GetVersion
GetCurrentProcessId
GetLongPathNameW
OpenProcess
ReadFile
FindClose
CreateFileW
GetModuleFileNameA
lstrcatA
CreateFileA
VirtualFree
SetLastError
lstrcmpiA
lstrcpyA
VirtualAlloc
SetFilePointer
lstrlenA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FindNextFileA
SetEndOfFile
GetFileTime
CompareFileTime
lstrcpyW
CreateDirectoryW
FlushFileBuffers
FindFirstFileA

user32

wsprintfA
wsprintfW
FindWindowA

advapi32

GetSidSubAuthorityCount
RegEnumKeyExA
RegOpenKeyW
RegDeleteValueW
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
RegQueryValueExA
RegCreateKeyA
RegSetValueExW
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyA

shell32

ShellExecuteExW
ShellExecuteW
ord92

ole32

CoInitializeEx
CoUninitialize

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

0bb4fad7255bba7ccb23dbc767056f7e

Headers

File Characteristics

Imports

ntdll

shlwapi

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 1KB

.bss Size: 2KB - Virtual size: 1KB

.rsrc Size: 196KB - Virtual size: 196KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 1KB

.bss
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 196KB - Virtual size: 196KB