Behavioral task
behavioral1
Sample
unpacked_gozi_sample.exe.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
unpacked_gozi_sample.exe.dll
Resource
win10v2004-20230220-en
General
-
Target
unpacked_gozi_sample.exe.dll
-
Size
52KB
-
MD5
5e3679f687797e3bdf5534b64a5219ad
-
SHA1
e2b6875ed9b55f75db73dfb0cc55477ab9bd0345
-
SHA256
646ab5eb6224824f04f4b78b80f47e2b7251c8ad9af55d806f7a016403f2fa45
-
SHA512
b7041fd2ae3b79d492d2a5b45fc50d9d358cf7f43a16f359416e4a33c9cae656e13dfd800a51d83426610cfe8d0fbbcecd5d55bd4f878f49b900a12892a97bb0
-
SSDEEP
1536:3+Jqy7X7/0YOq6bTdtGpRJc5dMbD1Gcq:gqy3V6bTdIgdMX1G
Malware Config
Extracted
gozi
5050
https://config.edge.skype.com
91.215.85.201
-
base_path
/jerry/
-
build
250255
-
exe_type
loader
-
extension
.bob
-
server_id
50
Signatures
-
Gozi family
Files
-
unpacked_gozi_sample.exe.dll.dll windows x86
b1e1d582732e4e48ca192109b68c23b4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ord2
ord16
ord15
ord6
Sections
.text Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ