gozi | XWorm V3[.]1[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

XWorm V3.1.exe

windows10-1703-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

XWorm V3.1.exe

Resource

win10-20230220-en

asyncrat quasar v15.5.0 | c5patcher rat spyware trojan

windows10-1703-x64

14 signatures

150 seconds

General

Target

XWorm V3.1.exe
Size

7.0MB
MD5

e0b3a2c3df9a18ad71e1293a3195cadf
SHA1

f48a0d2c47f1db77457e894d4e72bb3ddd6b0691
SHA256

7786135b3cd7225c0fd83b1fc05efb702ae015d124326dfb4947d4e2addaab69
SHA512

b2c091d50902ed44f7de80ec84bff8894bee0fce5ac0e53536048ae8d6cfc0c719771dab7ae5f585cd608fe86f50d8c25219faa7daef7720d0f2b557a9af972e
SSDEEP

196608:Nn1Q6B/XKUDz9NoUXJzUWi7MYjBVvo5/km:N1FlaU/9NZXJZinjB9oxj

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Files

XWorm V3.1.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy