641d39e828ed546ea55a9064b1039aeca727c5e3795bcb4cb3f80ee7e87e4b06_unpacked

Reason

config extraction: missing cfgextr callback for rule "Gozi_FJ_loader_0"

General

Target

641d39e828ed546ea55a9064b1039aeca727c5e3795bcb4cb3f80ee7e87e4b06_unpacked
Size

65KB
MD5

03b259b7f1b6b86196c08f666222e2fa
SHA1

cb58271afc965f0dfffc6276c1ff9630c3fb7f65
SHA256

398f992fdcd862fbd1403da6e0f6fcaf37c47ac8b402f55ed23bf7fe467228e4
SHA512

a44d79f03e54da0f82456b994db79f767a48c3931986636a2ef0a706a5af19bb1fabb680caac27d309ce9c34312e3fba7466d8682a4d8c0b3f3530d0d2b9cddd
SSDEEP

1536:+aRMzTxMxY4TfDnuZjLykjfcCvFPh1NI0eCn0xgRF8QpEIYc+K:+rRYDnK/1ECv/1NI07nJqb1K

Score

N/A

Malware Config

Signatures

Files

641d39e828ed546ea55a9064b1039aeca727c5e3795bcb4cb3f80ee7e87e4b06_unpacked
.exe windows x86

c1b50b7fdf25b4cddc8157aad13b4958

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwOpenProcess
memcpy
RtlUpperString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
memset
ZwTerminateProcess
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwUnmapViewOfSection
_except_handler3
KeDelayExecutionThread
KeInsertQueueApc
KeInitializeApc
strchr
RtlInitAnsiString
RtlImageDirectoryEntryToData
ProbeForRead
ProbeForWrite
MmIsAddressValid
ObfDereferenceObject
PsCreateSystemThread
ObOpenObjectByPointer
PsLookupProcessByProcessId
wcsstr
_wcslwr
wcsrchr
ZwOpenFile
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
ExAllocatePool
ZwQueryInformationProcess
ZwClose
RtlEqualUnicodeString
IofCompleteRequest
KeQuerySystemTime
_aulldiv
_snwprintf
IoCreateDevice
RtlAppendUnicodeToString
IoCreateSymbolicLink
RtlAnsiStringToUnicodeString
IoGetLowerDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
KeTickCount
KeSetEvent
IoFreeIrp
IoFreeMdl
MmUnlockPages
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
MmProbeAndLockPages
IoAllocateIrp
memmove
RtlInitUnicodeString
IoDeleteSymbolicLink
ExRegisterCallback
ExCreateCallback
IoDeleteDevice
ExUnregisterCallback
KeInitializeMutex
RtlTimeToTimeFields
RtlTimeFieldsToTime
KeReleaseMutex
_stricmp
ZwReadFile
ZwQueryInformationFile
IoCreateDriver
ExFreePoolWithTag
ZwCreateFile
ZwWriteFile
ZwDeviceIoControlFile
ExAllocatePoolWithTag
KeGetCurrentThread

hal

KfLowerIrql
KeQueryPerformanceCounter
KeRaiseIrqlToDpcLevel
KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

c1b50b7fdf25b4cddc8157aad13b4958

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 752B

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 31KB - Virtual size: 32KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 752B

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 31KB - Virtual size: 32KB