ab8eabba4195df6c1ba6f845dfe49b13ab1f312cbc3887c6cc2d2f674ebec5f5_unpacked

Reason

config extraction: missing cfgextr callback for rule "Gozi_FJ_loader_0"

General

Target

ab8eabba4195df6c1ba6f845dfe49b13ab1f312cbc3887c6cc2d2f674ebec5f5_unpacked
Size

65KB
MD5

31a68df1f876b51b3c8559e950aa67d5
SHA1

1cbafeec521c4364a63b94f8cbcc83e0e33096b0
SHA256

a3b6b3e5f374af35298ee95c70797beae121405e258b0f080a6b5031aa5a1790
SHA512

0ff0824b846dc048f6070e1823fb6a80ddc0754da7612a26aece405e68397a65eaf09f2c359c5fff78bbbdb9385f0663face0d82ee0e8513233c8fa7527f7378
SSDEEP

1536:/aRMzTxMxY4TfDnuZjLykjfcCvFE8GUXZiLHsJbFofCK:/rRYDnK/1ECvHZKMJE

Score

N/A

Malware Config

Signatures

Files

ab8eabba4195df6c1ba6f845dfe49b13ab1f312cbc3887c6cc2d2f674ebec5f5_unpacked
.exe windows x86

c1b50b7fdf25b4cddc8157aad13b4958

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwOpenProcess
memcpy
RtlUpperString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
memset
ZwTerminateProcess
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwUnmapViewOfSection
_except_handler3
KeDelayExecutionThread
KeInsertQueueApc
KeInitializeApc
strchr
RtlInitAnsiString
RtlImageDirectoryEntryToData
ProbeForRead
ProbeForWrite
MmIsAddressValid
ObfDereferenceObject
PsCreateSystemThread
ObOpenObjectByPointer
PsLookupProcessByProcessId
wcsstr
_wcslwr
wcsrchr
ZwOpenFile
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
ExAllocatePool
ZwQueryInformationProcess
ZwClose
RtlEqualUnicodeString
IofCompleteRequest
KeQuerySystemTime
_aulldiv
_snwprintf
IoCreateDevice
RtlAppendUnicodeToString
IoCreateSymbolicLink
RtlAnsiStringToUnicodeString
IoGetLowerDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
KeTickCount
KeSetEvent
IoFreeIrp
IoFreeMdl
MmUnlockPages
KeWaitForSingleObject
IofCallDriver
KeInitializeEvent
MmProbeAndLockPages
IoAllocateIrp
memmove
RtlInitUnicodeString
IoDeleteSymbolicLink
ExRegisterCallback
ExCreateCallback
IoDeleteDevice
ExUnregisterCallback
KeInitializeMutex
RtlTimeToTimeFields
RtlTimeFieldsToTime
KeReleaseMutex
_stricmp
ZwReadFile
ZwQueryInformationFile
IoCreateDriver
ExFreePoolWithTag
ZwCreateFile
ZwWriteFile
ZwDeviceIoControlFile
ExAllocatePoolWithTag
KeGetCurrentThread

hal

KfLowerIrql
KeQueryPerformanceCounter
KeRaiseIrqlToDpcLevel
KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

c1b50b7fdf25b4cddc8157aad13b4958

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 752B

INIT Size: 2KB - Virtual size: 2KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 752B

INIT
Size: 2KB - Virtual size: 2KB

.reloc
Size: 32KB - Virtual size: 32KB