982a7f17ad6c806c612fbe3cb8326e10e8a73fa4472249e116d20d5705129c81

Reason

config extraction: missing cfgextr callback for rule "Gozi_FJ_loader_0"

General

Target

982a7f17ad6c806c612fbe3cb8326e10e8a73fa4472249e116d20d5705129c81
Size

39KB
MD5

7876e27a0322f972d9f3b3aa95fbe290
SHA1

23e0d78cc1a627563cae0d36553103f4c658d1a9
SHA256

982a7f17ad6c806c612fbe3cb8326e10e8a73fa4472249e116d20d5705129c81
SHA512

500927ef2edc6ea59c947102f6bd99c381cc879806218441f12f9a1dd54e0550a6f4f54c5da1e74e58ee517dfd868c79b845f666c76fcb8a99de26a150ea9f7c
SSDEEP

768:D3u+P/o8AwBBQARQkzaWrPcxh4v6GnNw3LCSvmnv:DTP/o8AwBBQARTExiiGnGL2nv

Score

N/A

Malware Config

Signatures

Files

982a7f17ad6c806c612fbe3cb8326e10e8a73fa4472249e116d20d5705129c81
.exe windows x86

8aaf217572f8831b0995d2559ebad095

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeAttachProcess
KeDetachProcess
MmIsAddressValid
ObDereferenceObject
ObReferenceObjectByHandle
ObReferenceObjectByPointer
RtlFreeAnsiString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlZeroMemory
ZwAllocateVirtualMemory
_stricmp
memcpy
strcpy
strlen
PsProcessType
MmSystemRangeStart
MmSectionObjectType
IoFileObjectType
IoAllocateMdl
IoCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoIsWdmVersionAvailable
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
ProbeForRead
KeServiceDescriptorTable
InterlockedExchange
ExSystemTimeToLocalTime
KeDelayExecutionThread
KeQuerySystemTime
PsCreateSystemThread
PsTerminateSystemThread
RtlLargeIntegerSubtract
ZwClose
ZwCreateKey
ZwOpenFile
ZwQueryInformationFile
ZwReadFile
ZwSetValueKey
ExAllocatePool
ExFreePool
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlInitAnsiString
ZwQuerySystemInformation
strcat
RtlCompareUnicodeString
KeWaitForSingleObject
IoGetCurrentProcess

hal

KeGetCurrentIrql

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

8aaf217572f8831b0995d2559ebad095

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 32B - Virtual size: 24B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 928B - Virtual size: 928B

.reloc Size: 1024B - Virtual size: 1020B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 32B - Virtual size: 24B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 928B - Virtual size: 928B

.reloc
Size: 1024B - Virtual size: 1020B