gozi_ifsb | 514b0d82faa73cee71e7b9323411f496be435bfe01844f9369ffb2fa8cef9d54_unpacked_x64

Sharing

Copy URL

Twitter E-mail

General

Target

514b0d82faa73cee71e7b9323411f496be435bfe01844f9369ffb2fa8cef9d54_unpacked_x64
Size

329KB
MD5

bfcb099d6757db3d1d954e5cc75f5944
SHA1

7a2466e49ad583ff1acabe54a115d2b5309ac270
SHA256

231cabbbdbe83301dcb99968347e82973ced1ddd679c54cbb676768cd1ad4121
SHA512

fd824557a8632782f33a8ea6867d2b3bcc8443c4bd991e898f56a5b5e9ba68f45daac7228bec65558389e852b2b0744011623fae9cf18ebfb8dfdba02bbd7aab
SSDEEP

6144:QofgAud4CTOOtg6Tq2CjsCnEWc57hpDXroE1A24:Qodud4WOOy6UsCrM/DXroEP4

Score

10^/10

1000 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1000

rastobona.com

artefaki.com

spamhouseanilingus.ru

gazitivaton.ru

Attributes

build
200000
exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

514b0d82faa73cee71e7b9323411f496be435bfe01844f9369ffb2fa8cef9d54_unpacked_x64
.dll windows x64

dca2173388e7ae03afbb3f00bc22a313

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

memcmp
memmove
NtCreateSection
NtUnmapViewOfSection
NtMapViewOfSection
RtlRandomEx
ZwQueryInformationToken
ZwOpenProcess
ZwClose
ZwOpenProcessToken
ZwQueryInformationProcess
NtResumeProcess
RtlNtStatusToDosError
NtQuerySystemInformation
NtSuspendProcess
isxdigit
memcpy
_wcsupr
_strupr
wcscpy
memset
ZwQueryKey
RtlFreeUnicodeString
RtlUpcaseUnicodeString
wcstombs
_snprintf
strcpy
sprintf
RtlImageNtHeader
RtlAdjustPrivilege
mbstowcs
strstr
sscanf
_memicmp
strncpy
__C_specific_handler
__chkstk

kernel32

TerminateThread
IsBadReadPtr
FileTimeToLocalFileTime
VirtualProtectEx
lstrcmpiW
GetModuleFileNameA
GetLocalTime
VirtualAlloc
GetModuleFileNameW
FileTimeToSystemTime
CreateRemoteThread
VirtualFree
CreateFileA
lstrlenA
HeapAlloc
HeapFree
WriteFile
lstrcatA
CreateDirectoryA
GetLastError
RemoveDirectoryA
LoadLibraryA
CloseHandle
DeleteFileA
lstrcpyA
HeapReAlloc
SetEvent
GetTickCount
HeapDestroy
HeapCreate
SetWaitableTimer
CreateDirectoryW
GetCurrentThread
GetSystemTimeAsFileTime
GetWindowsDirectoryA
Sleep
CopyFileW
CreateEventA
CreateFileW
lstrlenW
lstrcatW
GetCurrentThreadId
DeleteFileW
GetTempPathA
SuspendThread
ResumeThread
lstrcpyW
CreateThread
SwitchToThread
lstrcmpA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
GetComputerNameW
LeaveCriticalSection
SetLastError
lstrcmpiA
EnterCriticalSection
OpenWaitableTimerA
OpenMutexA
WaitForMultipleObjects
CreateMutexA
SystemTimeToTzSpecificLocalTime
CreateWaitableTimerA
InitializeCriticalSection
UnregisterWait
LoadLibraryExW
RegisterWaitForSingleObject
GetModuleHandleA
ExitProcess
OpenProcess
GetProcAddress
GetFileSize
GetDriveTypeW
GetLogicalDriveStringsW
WideCharToMultiByte
GetExitCodeProcess
CreateProcessA
CreateFileMappingA
OpenFileMappingA
LocalFree
lstrcpynA
TlsGetValue
TlsSetValue
TlsAlloc
GlobalLock
GlobalUnlock
Thread32First
Thread32Next
QueueUserAPC
CreateToolhelp32Snapshot
CallNamedPipeA
WaitNamedPipeA
ConnectNamedPipe
ReadFile
GetOverlappedResult
DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
CancelIo
GetSystemTime
RemoveVectoredExceptionHandler
SleepEx
AddVectoredExceptionHandler
OpenEventA
ResetEvent
LocalAlloc
FreeLibrary
RaiseException
GetCurrentProcessId
GetVersion
DeleteCriticalSection
VirtualProtect
ExpandEnvironmentStringsW
FindNextFileW
RemoveDirectoryW
FindClose
GetTempFileNameA
GetFileAttributesW
SetEndOfFile
SetFilePointer
FindFirstFileW
SetFilePointerEx
ReleaseMutex
OpenThread

netapi32

NetApiBufferFree
NetWkstaGetInfo

iphlpapi

GetAdaptersAddresses
GetIpAddrTable
GetBestRoute

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

Sections

.text
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

dca2173388e7ae03afbb3f00bc22a313

Headers

File Characteristics

Imports

ntdll

kernel32

netapi32

iphlpapi

oleaut32

Sections

.text Size: 273KB - Virtual size: 273KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 7KB - Virtual size: 10KB

.pdata Size: 10KB - Virtual size: 9KB

.bss Size: 6KB - Virtual size: 5KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 273KB - Virtual size: 273KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 7KB - Virtual size: 10KB

.pdata
Size: 10KB - Virtual size: 9KB

.bss
Size: 6KB - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 4KB