gozi | ea63254ac5ead395ed58d18dba653b43b1fd1ccc24090abfce98c76085e4d8b5

Sharing

Copy URL Twitter E-mail

General

Target

ea63254ac5ead395ed58d18dba653b43b1fd1ccc24090abfce98c76085e4d8b5
Size

151KB
MD5

89f5e659f89ee8e33bdb6a18ca84847b
SHA1

4687a1ba38949435dfd4f1c7860a53ea92bc7f4d
SHA256

ea63254ac5ead395ed58d18dba653b43b1fd1ccc24090abfce98c76085e4d8b5
SHA512

71c29515599d0b567d9c575ab1851acf76092a24241ca56a3cfc4ddd0a953117abcb3b7779e9622afc08344b73a76e0f0dc0a17c1fdd98d7492f8336e5386287
SSDEEP

3072:oQKYmHX++D7v0CfsHcfxSVbVq0qg7Ppn8gm0moxzZNw6/w+1W9gQ6l:o5r3+w7v0uOYxkq0V7Rn00moZZP49gh

Score

10^/10

isfb 1000 gozi

Malware Config

Extracted

Family

gozi

Botnet

1000

Attributes

exe_type
worker

rsa_pubkey.plain

Signatures

Gozi family
gozi

Files

ea63254ac5ead395ed58d18dba653b43b1fd1ccc24090abfce98c76085e4d8b5
.dll windows x64

71d03ce20e1f73975f3133c6b1ff1759

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

strcpy
NtGetContextThread
ZwQueryInformationProcess
RtlNtStatusToDosError
NtSetContextThread
ZwQueryInformationToken
ZwOpenProcess
ZwClose
ZwOpenProcessToken
_wcsupr
_strupr
strstr
wcscpy
memset
mbstowcs
wcstombs
RtlAdjustPrivilege
sprintf
NtCreateSection
NtUnmapViewOfSection
memcpy
NtMapViewOfSection
__C_specific_handler

kernel32

lstrcmpiW
SwitchToThread
VirtualProtectEx
GetThreadContext
ExpandEnvironmentStringsW
FindNextFileW
FindClose
FindFirstFileW
WriteProcessMemory
GetModuleFileNameA
GetLocalTime
VirtualAllocEx
CreateFileA
lstrlenA
HeapAlloc
HeapFree
WriteFile
lstrcatA
CreateDirectoryA
GetLastError
RemoveDirectoryA
LoadLibraryA
CloseHandle
DeleteFileA
lstrcpyA
HeapReAlloc
SetEvent
GetTickCount
HeapDestroy
HeapCreate
GetCurrentThreadId
SetWaitableTimer
GetCurrentProcess
CreateDirectoryW
GetCurrentThread
GetSystemTimeAsFileTime
GetWindowsDirectoryA
Sleep
CopyFileW
CreateEventA
lstrlenW
GetProcAddress
GetModuleHandleA
lstrcatW
DeleteFileW
GetCurrentProcessId
GetTempPathA
SuspendThread
ResumeThread
CreateThread
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
GetComputerNameW
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
CreateWaitableTimerA
GetSystemTime
UnregisterWait
LoadLibraryExW
SetLastError
RegisterWaitForSingleObject
GetFileSize
GetDriveTypeW
GetLogicalDriveStringsW
WideCharToMultiByte
GetFileAttributesA
GetFileAttributesW
CreateProcessA
CreateFileW
FindFirstFileA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
OpenFileMappingA
lstrcpyW
lstrcpynA
GlobalLock
GlobalUnlock
lstrcmpiA
Thread32First
Thread32Next
QueueUserAPC
OpenThread
CreateToolhelp32Snapshot
CallNamedPipeA
WaitNamedPipeA
ConnectNamedPipe
ReadFile
GetOverlappedResult
DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
CancelIo
lstrcmpW
SleepEx
InitializeCriticalSection
ResetEvent
SetEndOfFile
LocalAlloc
LocalFree
FreeLibrary
RaiseException
FileTimeToSystemTime
ReadProcessMemory
OpenProcess
CreateRemoteThread
SetFilePointer
GetVersion
VirtualProtect
lstrcmpA
DeleteCriticalSection
QueueUserWorkItem
VirtualAlloc
VirtualFree

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

Exports

Exports

CreateProcessNotify

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

71d03ce20e1f73975f3133c6b1ff1759

Headers

File Characteristics

Imports

ntdll

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 3KB

.bss Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 4KB

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

.bss
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 4KB