6382f2489ee677b7933a0806be8d92ac453f6ba8481d3a94044323ed21263046 | Triage

Submit
Reports

Overview

overview

3

Static

static

6382f2489e...46.exe

windows7-x64

3

6382f2489e...46.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

6382f2489ee677b7933a0806be8d92ac453f6ba8481d3a94044323ed21263046.exe

Resource

win7-20220812-en

windows7-x64

2 signatures

600 seconds

Behavioral task

behavioral2

Sample

6382f2489ee677b7933a0806be8d92ac453f6ba8481d3a94044323ed21263046.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

600 seconds

Errors

Reason

config extraction: missing cfgextr callback for rule "Gozi_FJ_loader_0"

General

Target

6382f2489ee677b7933a0806be8d92ac453f6ba8481d3a94044323ed21263046
Size

88KB
MD5

dfe45633d3179c9b430236508aedb950
SHA1

eada25f166fdfc4c70e0c03c3d5502da7d6515e0
SHA256

6382f2489ee677b7933a0806be8d92ac453f6ba8481d3a94044323ed21263046
SHA512

86cf234077db81f72a9fcf4523b3512f309109661aaa1d2bcd833f011683052f93abff2310abd92cdb20e471501918aedfa8a5e5da06819c1022e4d252f5fc70
SSDEEP

1536:tfWtYfv+M9z5dvIjAZ3RPKX+qEbGdu6bStlhvUkLUWqlfh3FzX9lexecQK9EuPh1:tfY09zbvIjeUpHbAlhvHFqjFzX9lexew

Score

N/A

Malware Config

Signatures

Files

6382f2489ee677b7933a0806be8d92ac453f6ba8481d3a94044323ed21263046
.exe windows x86

c4e817efd1a914ad4bd8707614ac271d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAdjustPrivilege
memcpy
RtlInitUnicodeString
memset
ZwClose
ZwReadFile
ZwWriteFile
ZwOpenFile
ZwDeviceIoControlFile
ZwCreateFile
strchr

kernel32

GetCurrentProcess
GetTickCount
VirtualFree
GetWindowsDirectoryA
OpenProcess
GetVolumeInformationA
Sleep
lstrcatA
MoveFileExA
GetProcAddress
VirtualAlloc
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
CloseHandle
GetVersion
lstrlenA
lstrcpyA
ExitProcess
GetLastError
GetCurrentProcessId

user32

wsprintfW
ExitWindowsEx
wsprintfA

advapi32

RegCloseKey
RegOpenKeyA
GetTokenInformation
RegCreateKeyA
OpenProcessToken

shell32

ShellExecuteExA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy