Behavioral task
behavioral1
Sample
4248-133-0x00000000021F0000-0x00000000021FD000-memory.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
4248-133-0x00000000021F0000-0x00000000021FD000-memory.dll
Resource
win10v2004-20220812-en
General
-
Target
4248-133-0x00000000021F0000-0x00000000021FD000-memory.dmp
-
Size
52KB
-
MD5
1caa55329ddf312b2a1d94f42f7c5676
-
SHA1
abb102921df990c24d2654939fcc40e6707e6240
-
SHA256
e861c0f6c325b5e0f54b9c61fb79201ba680fc3c7dd28fff93145a0a1dae8b7d
-
SHA512
7b21314c270cebcf4c674f8757db67069225389117776b1a4903102249edbcbe24112e6974ed915b28ea5b3e6d13e16a59624c8e8d20fa1c9d5ec60775b001cc
-
SSDEEP
1536:wXsPG7v/FbEuhB6e6o9bWMFMrS45QBOQ:7Psv/b0KzFMxmBb
Malware Config
Extracted
gozi
7701
checklist.skype.com
62.173.145.223
31.41.44.105
45.89.66.58
-
base_path
/drew/
-
build
250249
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Signatures
-
Gozi family
Files
-
4248-133-0x00000000021F0000-0x00000000021FD000-memory.dmp.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ