gozi | unpacked_gozi_sample[.]exe[.]dll | Triage

Submit
Reports

Overview

overview

Static

static

unpacked_g...xe.dll

windows7-x64

1

unpacked_g...xe.dll

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

unpacked_gozi_sample.exe.dll

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

unpacked_gozi_sample.exe.dll

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

unpacked_gozi_sample.exe.dll
Size

52KB
MD5

5e3679f687797e3bdf5534b64a5219ad
SHA1

e2b6875ed9b55f75db73dfb0cc55477ab9bd0345
SHA256

646ab5eb6224824f04f4b78b80f47e2b7251c8ad9af55d806f7a016403f2fa45
SHA512

b7041fd2ae3b79d492d2a5b45fc50d9d358cf7f43a16f359416e4a33c9cae656e13dfd800a51d83426610cfe8d0fbbcecd5d55bd4f878f49b900a12892a97bb0
SSDEEP

1536:3+Jqy7X7/0YOq6bTdtGpRJc5dMbD1Gcq:gqy3V6bTdIgdMX1G

Score

10^/10

isfb 5050 gozi

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

91.215.85.201

Attributes

base_path
/jerry/
build
250255
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi family
gozi

Files

unpacked_gozi_sample.exe.dll
.dll windows x86

b1e1d582732e4e48ca192109b68c23b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ord2
ord16
ord15
ord6

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy