gozi | 58169007c2e7a0d022bc383f9b9476fe[.]bin

General

Target

58169007c2e7a0d022bc383f9b9476fe.bin
Size

44KB
MD5

58169007c2e7a0d022bc383f9b9476fe
SHA1

5e994d1f26861a37c7b1e14338aca4117987f9ca
SHA256

082c51164b2c20ff163f2640313c81cd64a26ff9790d3570e5cde857fa93272a
SHA512

4d2eec771ad46ba524738cf4bdda3d551054a49fb790bd3eb0bf65ddace93311c34c765080a9fd8b01cc2d7b06dbf2cb302028f0647301f0dc82c8bea6c42570
SSDEEP

768:ogWi1fBVVWOftbGgrx/hRuTWrcuysItyaAybFREnV+evm1C9Mitbg:ogWi5BVVWsfV/hAq/ctyaAkFc+evm4VC

Score

10^/10

ldr4 202206061 gozi

Malware Config

Extracted

Family

gozi

Botnet

202206061

C2

https://gigimas.xyz

https://reaso.xyz

Attributes

host_keep_time
60
host_shift_time
60
idle_time
20
request_time
10

aes.plain

Signatures

Gozi family
gozi

Files

58169007c2e7a0d022bc383f9b9476fe.bin
.dll regsvr32 windows x86

dbf9d6891df624562fb00e6915c2c677

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_allmul
memset
RtlUnwind
wcstombs
strchr
sprintf
memcmp
RtlInitUnicodeString
RtlNtStatusToDosError
RtlOemStringToUnicodeString
_snprintf
memcpy
mbstowcs
_aulldiv
NtQueryVirtualMemory

kernel32

HeapDestroy
HeapCreate
SleepEx
GetTempPathW
CreateFileW
GetFileSize
GetTempFileNameW
LoadLibraryA
SetLastError
lstrlenA
CreateProcessW
HeapFree
SetEvent
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
LeaveCriticalSection
WaitForSingleObject
TerminateProcess
lstrlenW
GetLastError
EnterCriticalSection
WaitForMultipleObjects
lstrcmpiW
GetModuleHandleA
GetCurrentThreadId
CloseHandle
DeleteFileW
GetSystemTime
lstrcpyA
PeekNamedPipe
WriteFile
CreateEventA
ReadFile
ResetEvent
CreatePipe
ResumeThread
lstrcpynA
InterlockedExchange
CreateMutexA
DeleteCriticalSection
ReleaseMutex
SwitchToThread
HeapAlloc
GetExitCodeProcess
FreeLibrary
WideCharToMultiByte
lstrcatA

shlwapi

StrChrW
UrlEscapeA
wnsprintfW

advapi32

RegCloseKey
RegOpenKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyW

ole32

CreateStreamOnHGlobal

Exports

Exports

DllRegisterServer

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

dbf9d6891df624562fb00e6915c2c677

Headers

File Characteristics

Imports

ntdll

kernel32

shlwapi

advapi32

ole32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.bss Size: 9KB - Virtual size: 9KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.bss
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1KB - Virtual size: 1KB