gozi | f7c5b8ea8de9aad8ea2661e79636a87a4a5949217cfbe5e97fcef4fb881701af

General

Target

f7c5b8ea8de9aad8ea2661e79636a87a4a5949217cfbe5e97fcef4fb881701af
Size

44KB
MD5

a3539bc682f39406c050e5233058c930
SHA1

084f7c19e40b13e1a46a69dc9d6feee9566b8ca5
SHA256

f7c5b8ea8de9aad8ea2661e79636a87a4a5949217cfbe5e97fcef4fb881701af
SHA512

6558d1c42a64a5ef790411e79cec345ed9045f9b4bc881cf363e6fe73a3cff98eb4e3498d38bd886f6f4258725df8077ef52528c393c587442e50bdc833ab8c6
SSDEEP

768:ZDQtVuoBVldbRUZ0wyztx/yJNCOWw6kFdn5rxGHNa8XCJcZwevy9M0tbo:ZDsVPBVld7XH/yX2eDn5rwXXzZwevyrq

Score

10^/10

ldr4 202206061 gozi

Malware Config

Extracted

Family

gozi

Botnet

202206061

C2

https://gigimas.xyz

https://reaso.xyz

Attributes

host_keep_time
60
host_shift_time
60
idle_time
20
request_time
10

aes.plain

Signatures

Gozi family
gozi

Files

f7c5b8ea8de9aad8ea2661e79636a87a4a5949217cfbe5e97fcef4fb881701af
.dll regsvr32 windows x86

dbf9d6891df624562fb00e6915c2c677

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_allmul
memset
RtlUnwind
wcstombs
strchr
sprintf
memcmp
RtlInitUnicodeString
RtlNtStatusToDosError
RtlOemStringToUnicodeString
_snprintf
memcpy
mbstowcs
_aulldiv
NtQueryVirtualMemory

kernel32

HeapDestroy
HeapCreate
SleepEx
GetTempPathW
CreateFileW
GetFileSize
GetTempFileNameW
LoadLibraryA
SetLastError
lstrlenA
CreateProcessW
HeapFree
SetEvent
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
LeaveCriticalSection
WaitForSingleObject
TerminateProcess
lstrlenW
GetLastError
EnterCriticalSection
WaitForMultipleObjects
lstrcmpiW
GetModuleHandleA
GetCurrentThreadId
CloseHandle
DeleteFileW
GetSystemTime
lstrcpyA
PeekNamedPipe
WriteFile
CreateEventA
ReadFile
ResetEvent
CreatePipe
ResumeThread
lstrcpynA
InterlockedExchange
CreateMutexA
DeleteCriticalSection
ReleaseMutex
SwitchToThread
HeapAlloc
GetExitCodeProcess
FreeLibrary
WideCharToMultiByte
lstrcatA

shlwapi

StrChrW
UrlEscapeA
wnsprintfW

advapi32

RegCloseKey
RegOpenKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyW

ole32

CreateStreamOnHGlobal

Exports

Exports

DllRegisterServer

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

dbf9d6891df624562fb00e6915c2c677

Headers

File Characteristics

Imports

ntdll

kernel32

shlwapi

advapi32

ole32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.bss Size: 9KB - Virtual size: 9KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.bss
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1KB - Virtual size: 1KB