gozi | 6c4463df22dba5d021888723eeb5a585c12a8c43ae5b352800dc4ee0f722b405

Sharing

Copy URL

Twitter E-mail

General

Target

6c4463df22dba5d021888723eeb5a585c12a8c43ae5b352800dc4ee0f722b405
Size

168KB
MD5

919506160ba6d0cf88cb7018c1755410
SHA1

49ff026440e403aac2abb6738b9fb42ad46ecdea
SHA256

6c4463df22dba5d021888723eeb5a585c12a8c43ae5b352800dc4ee0f722b405
SHA512

72fc023e22708506af2c455d30c252923798b42fe58e54f61dd118d0348fb953234ddd2b38d1a092d9410a35ae65bc3047fee749beab45c90639d25797fedc25
SSDEEP

3072:V2zxNCCVUopBzcb7UKtgb+thC+Y4dNdm6iBtBVcRRnQmywwE63CCZwFcTkmp:C3VUopBojeALY0zNiDcbQN137k

Score

10^/10

isfb 1001 gozi

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

redwoodmotors.ru

pampers-globalworld.ru

pinkfloyd-mp3love.ru

sosandhelpconnect.ru

Attributes

exe_type
worker

rsa_pubkey.plain

serpent.plain

Signatures

Gozi family
gozi

Files

6c4463df22dba5d021888723eeb5a585c12a8c43ae5b352800dc4ee0f722b405
.exe windows x86

24579c2415354131738eedb5d2c8ddf9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwQueryInformationToken
ZwOpenProcessToken
ZwOpenProcess
NtSetContextThread
NtGetContextThread
ZwQueryInformationProcess
wcstombs
NtUnmapViewOfSection
ZwClose
RtlNtStatusToDosError
NtCreateSection
memset
NtMapViewOfSection
memcpy
RtlUnwind
RtlRandom
_strupr
mbstowcs
NtQueryVirtualMemory

shlwapi

StrStrA
PathFindExtensionA
StrRChrA
StrChrA
PathCombineA

kernel32

WaitForSingleObject
CreateWaitableTimerA
SetEvent
GetTempPathA
Sleep
lstrlenA
DeleteFileA
OpenEventA
lstrcpyA
CreateEventA
FindFirstFileA
GetTickCount
lstrcmpiA
FindNextFileA
CopyFileA
HeapAlloc
SetWaitableTimer
GetWindowsDirectoryA
CreateProcessA
CloseHandle
lstrcatA
Process32First
OpenProcess
Process32Next
HeapFree
ResetEvent
GetSystemDirectoryA
CompareFileTime
GetFileTime
CreateFileA
CreateToolhelp32Snapshot
GetFileSize
GetCurrentProcess
FindClose
TerminateProcess
GetCommandLineA
ExitProcess
GetModuleHandleA
HeapCreate
HeapDestroy
SetFileAttributesW
DeleteFileW
GetLastError
WriteFile
GetTempFileNameA
CreateFileW
lstrcmpA
ExpandEnvironmentStringsW
SetEndOfFile
LocalFree
GetModuleFileNameW
ReadFile
GetModuleFileNameA
SetFilePointer
VirtualAllocEx
VirtualFree
VirtualAlloc
GetProcAddress
lstrlenW
GetCurrentProcessId
GetVersion
CreateRemoteThread
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
SuspendThread
ResumeThread
GetThreadContext
lstrcmpW
lstrcpynA

user32

GetShellWindow
GetWindowThreadProcessId
GetWindowDC
GetWindowRect
wsprintfA
SystemParametersInfoW

advapi32

RegEnumKeyExA
OpenProcessToken
RegQueryValueExA
GetSidSubAuthorityCount
GetSidSubAuthority
RegCloseKey
RegOpenKeyExA
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegSetValueExA
RegCreateKeyA
RegOpenKeyA

shell32

ord92
ShellExecuteExA
ShellExecuteA

ole32

CoUninitialize
CoInitializeEx

gdiplus

GdiplusStartup
GdipDisposeImage
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipSaveImageToFile

gdi32

BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

24579c2415354131738eedb5d2c8ddf9

Headers

File Characteristics

Imports

ntdll

shlwapi

kernel32

user32

advapi32

shell32

ole32

gdiplus

gdi32

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 1KB

.bss Size: 5KB - Virtual size: 4KB

.rsrc Size: 140KB - Virtual size: 144KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 1KB

.bss
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 140KB - Virtual size: 144KB