2eb987a6a889a82d07bc848e011c509b6e2f2a9cbb6b62634359e988f37aad1f_unpacked

Reason

config extraction: missing cfgextr callback for rule "Gozi_FJ_loader_0"

General

Target

2eb987a6a889a82d07bc848e011c509b6e2f2a9cbb6b62634359e988f37aad1f_unpacked
Size

64KB
MD5

699a65fc9571b809e0a183561dabe017
SHA1

b21e347ab26f6d9fb9549f748e817bd1ada1e833
SHA256

2eb987a6a889a82d07bc848e011c509b6e2f2a9cbb6b62634359e988f37aad1f
SHA512

384511197f8070e40b436b42892a00f841bdf45b494145d7be02231b6a8ea9ab3ac61cf80fdc9deec2f80f8d56f330824c31a78f01f59b642eb46d333dca945b
SSDEEP

1536:TaRMzTxMxY4TfDnuZjLykjfcCvFecgWZMeiejQ23Cn/2I:TrRYDnK/1ECvgcgNzF/2

Score

N/A

Malware Config

Signatures

Files

2eb987a6a889a82d07bc848e011c509b6e2f2a9cbb6b62634359e988f37aad1f_unpacked
.exe windows x86

c1b50b7fdf25b4cddc8157aad13b4958

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwOpenProcess
memcpy
RtlUpperString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
memset
ZwTerminateProcess
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwUnmapViewOfSection
_except_handler3
KeDelayExecutionThread
KeInsertQueueApc
KeInitializeApc
strchr
RtlInitAnsiString
RtlImageDirectoryEntryToData
ProbeForRead
ProbeForWrite
MmIsAddressValid
ObfDereferenceObject
PsCreateSystemThread
ObOpenObjectByPointer
PsLookupProcessByProcessId
wcsstr
_wcslwr
wcsrchr
ZwOpenFile
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
ExAllocatePool
ZwQueryInformationProcess
ZwClose
RtlEqualUnicodeString
IofCompleteRequest
KeQuerySystemTime
_aulldiv
_snwprintf
IoCreateDevice
RtlAppendUnicodeToString
IoCreateSymbolicLink
RtlAnsiStringToUnicodeString
IoGetLowerDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
KeTickCount
KeSetEvent
IoFreeIrp
IoFreeMdl
MmUnlockPages
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
MmProbeAndLockPages
IoAllocateIrp
memmove
RtlInitUnicodeString
IoDeleteSymbolicLink
ExRegisterCallback
ExCreateCallback
IoDeleteDevice
ExUnregisterCallback
KeInitializeMutex
RtlTimeToTimeFields
RtlTimeFieldsToTime
KeReleaseMutex
_stricmp
ZwReadFile
ZwQueryInformationFile
IoCreateDriver
ExFreePoolWithTag
ZwCreateFile
ZwWriteFile
ZwDeviceIoControlFile
ExAllocatePoolWithTag
KeGetCurrentThread

hal

KfLowerIrql
KeQueryPerformanceCounter
KeRaiseIrqlToDpcLevel
KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

c1b50b7fdf25b4cddc8157aad13b4958

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 752B

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 31KB - Virtual size: 32KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 752B

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 31KB - Virtual size: 32KB