gozi_ifsb | 514b0d82faa73cee71e7b9323411f496be435bfe01844f9369ffb2fa8cef9d54_unpacked_dropper

Sharing

Copy URL

Twitter E-mail

General

Target

514b0d82faa73cee71e7b9323411f496be435bfe01844f9369ffb2fa8cef9d54_unpacked_dropper
Size

352KB
MD5

e27edfdff2db563ca367d20e0deec389
SHA1

48597d839b5560a5418cf84c5bca750aa7fd092e
SHA256

44264beecd758ab247ade0cd28db1b019af159202438a0708a956cbe4a234c44
SHA512

97a4358f3804efaa7c10f485d7b35af17a0c3dcd107f07f49da09107f86ff70d25ffdea837c723a9f63ef2ea50de299e4f22f24ea21826aef12038dfba34fc8d
SSDEEP

6144:iPSROmLBk0/s7qbnWNFJcV9z+g4dlJ2j7vn9AUovLhuDCl9L0/ePQKYFcfu:/Oos2WNDW9PMUZ2llZbMcf

Score

10^/10

1000 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1000

rastobona.com

artefaki.com

spamhouseanilingus.ru

gazitivaton.ru

Attributes

build
200000
exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

514b0d82faa73cee71e7b9323411f496be435bfe01844f9369ffb2fa8cef9d54_unpacked_dropper
.exe windows x86

7a77a261e908b068385643415ea03a7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
_chkstk
memcpy
mbstowcs
memset
NtQuerySystemInformation
RtlNtStatusToDosError
ZwQueryInformationProcess
ZwClose
ZwOpenProcess
ZwQueryInformationToken
NtMapViewOfSection
NtUnmapViewOfSection
NtCreateSection
RtlFreeUnicodeString
ZwOpenProcessToken
RtlUpcaseUnicodeString
NtQueryVirtualMemory

shlwapi

StrRChrA
PathFindExtensionW
PathFindFileNameW
PathFindExtensionA
StrTrimW
StrChrW
PathCombineW
StrChrA

kernel32

CreateDirectoryW
SetEvent
GetTickCount
WriteFile
Sleep
CreateEventA
GetExitCodeProcess
CreateProcessA
CreateFileW
lstrcatA
lstrlenW
FlushFileBuffers
FindFirstFileA
GetLastError
GetProcAddress
FindClose
ResetEvent
FindNextFileA
lstrcmpiW
lstrcatW
GetFileTime
CloseHandle
DeleteFileW
CreateWaitableTimerA
lstrcpyW
SetFileAttributesW
lstrcpyA
CreateThread
GetCurrentThreadId
IsWow64Process
LocalAlloc
HeapFree
CompareFileTime
SetWaitableTimer
HeapAlloc
SetEndOfFile
CreateFileA
GetModuleHandleA
HeapCreate
HeapDestroy
GetCommandLineW
ExitProcess
GetSystemTimeAsFileTime
WaitForSingleObject
LoadLibraryA
TerminateThread
GetTempFileNameA
InitializeCriticalSection
ResumeThread
SuspendThread
VirtualProtectEx
lstrcmpA
LocalFree
lstrcpynA
GetModuleFileNameA
VirtualAlloc
lstrcmpiA
EnterCriticalSection
SetLastError
GetModuleFileNameW
CreateRemoteThread
VirtualFree
CreateDirectoryA
ReadFile
LeaveCriticalSection
lstrlenA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
OpenProcess
GetLongPathNameW
GetVersion
GetCurrentProcessId
GetFileSize
SetFilePointer
GetTempPathA

user32

DestroyWindow
GetWindowRect
PostMessageW
RegisterClassExW
SetWinEventHook
SetClassLongW
SetWindowLongW
CreateWindowExW
SetWindowsHookExW
SendMessageW
DefWindowProcW
GetCursorInfo
wsprintfA
wsprintfW
FindWindowA

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
RegDeleteValueW
RegEnumKeyExA
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExW
RegQueryValueExA
RegSetValueExA
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken

shell32

ShellExecuteExW
ShellExecuteW
ord92

ole32

CoUninitialize
CoInitializeEx

netapi32

NetApiBufferFree
NetWkstaGetInfo

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 322KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

7a77a261e908b068385643415ea03a7a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

kernel32

user32

advapi32

shell32

ole32

netapi32

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 2KB

.bss Size: 1KB - Virtual size: 1KB

.rsrc Size: 322KB - Virtual size: 324KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 2KB

.bss
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 322KB - Virtual size: 324KB