gozi[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gozi.zip
Size

87KB
MD5

60ab02fcbe075eb166cdec2f54c77650
SHA1

2080eedfc2912b8073d10a824ab615a9a169fe97
SHA256

09abc3d2bffb109381c83310525c51f1defbb8582b8f6e9f6b448b6cece5b830
SHA512

f55cb9fda2c63c1fb65eb0f9c5113fa2c1e900989fb950ca431f4adf4ea8eb80d1e7fcaaf832b56be3cd4a8d0ec70e4f649b60e522acb6c9713355ca298e89fb
SSDEEP

1536:+kGzj0RYWsXFJEHqMyienyrF19h4XHz0QS9iHah8Mfgjfrm:dGH0RFM7EHiwF19h4X29i6h8Mom

Score

N/A

Malware Config

Signatures

Files

gozi.zip
.zip

Password: infected
44f1201b9fcd14700e89a20182115d0953f8808cb0b9ca1350f986560a366a44
.exe windows x86

da7296a8bcc4426ccac53e9aa506fd78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
DeleteCriticalSection
GetFileType
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
OutputDebugStringW
GetCurrentProcess
Sleep
HeapReAlloc
LCMapStringW
SetStdHandle
WriteConsoleW
GetStringTypeW
FlushFileBuffers
CloseHandle
GetFileTime
GetModuleHandleA
FindNextFileA
LocalAlloc
FindClose
GetProcAddress
SetLastError
GetLastError
FindFirstFileA
GlobalUnlock
FileTimeToSystemTime
LoadLibraryW
WriteFile
GlobalLock
HeapAlloc
SystemTimeToTzSpecificLocalTime
GetFileSize
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
LeaveCriticalSection
EnterCriticalSection
HeapSize
GetCurrentThreadId
CreateFileW
GetProcessHeap
GetModuleFileNameW
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
RtlUnwind
RaiseException
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
TerminateProcess
CreateFileA

user32

DispatchMessageW
EnableScrollBar
GetWindow
CharToOemA
MessageBoxW
GetSystemMetrics
IsDlgButtonChecked
CreatePopupMenu
CheckDlgButton
GetCursorPos
GetSysColor
DefWindowProcA
GetDlgItem
EnableWindow
GetDlgItemTextA
GetDialogBaseUnits
WindowFromDC
EndPaint
ClientToScreen
GetWindowRect
GetMessageW
PostQuitMessage
FillRect
AttachThreadInput
IsWindowEnabled
wsprintfA
GetClientRect
GetWindowTextLengthA
SendMessageA
BeginPaint
GetDC
TranslateMessage
GetWindowTextA
TrackPopupMenuEx
SetRect
GetScrollInfo
MessageBoxA
ReleaseDC

gdi32

GetEnhMetaFileA
BitBlt
TextOutA
CreateFontA
GetDeviceCaps
GetEnhMetaFileHeader
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
FillRgn
SaveDC
CreateRoundRectRgn
Chord
GetObjectA
CreateDiscardableBitmap
CreateSolidBrush

advapi32

IsValidSecurityDescriptor
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
SetSecurityDescriptorSacl
SetSecurityDescriptorGroup
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHBrowseForFolderA
DragQueryFileW
DragQueryFileA

ole32

OleGetClipboard
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetMalloc
CoCreateInstance
CoInitialize

oleaut32

OleCreatePictureIndirect
SysFreeString
VariantInit
GetErrorInfo

wininet

FtpCommandW

netapi32

NetApiBufferFree
NetShareEnum

userenv

UnregisterGPNotification
UnloadUserProfile

mpr

WNetOpenEnumA
WNetCloseEnum
WNetEnumResourceA

msi

ord117
ord122

shlwapi

PathStripPathW
PathFileExistsW
PathIsRelativeW

opengl32

wglGetCurrentDC

imm32

ImmAssociateContext

usp10

ScriptFreeCache
ScriptCacheGetHeight
ScriptGetGlyphABCWidth

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

da7296a8bcc4426ccac53e9aa506fd78

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

netapi32

userenv

mpr

msi

shlwapi

opengl32

imm32

usp10

Sections

.text Size: 85KB - Virtual size: 85KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 321KB - Virtual size: 320KB

.text
Size: 85KB - Virtual size: 85KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 321KB - Virtual size: 320KB