DllRegisterServer
Behavioral task: behavioral1
Sample: stage_2gozi.dll
Resource: win7-20230220-en
General
- Target: stage_2gozi.dll
- Size: 39KB
- MD5: 4984b442edb1cf12523faec4ad99c4ef
- SHA1: 5387e3fad9ee5d4e894f9ed8c6867c341f6dab11
- SHA256: 69d646441885a01d2203c17d5b38c1772d0f8cb76d0a43d33d143e7a0b13f6f8
- SHA512: e0f7a261784c295fe86b6d5ef6ad25666cb32d7b7491212a9f8fce52d7436875221b90bb58964c44c55378e4101f65d0346dfc5df087876ae89a02fedbd887f1
- SSDEEP: 768:A2SGgWkKlrFv+y5NGQgGoKItuFe666yuwyF8sj1YsFVOZd43HmIt6J:MGtkKlA2oKItuLn3kfsLs9/
Malware Config
Extracted: gozi
5050
https://config.edge.skype.com
91.215.85.201
- base_path: /jerry/
- build: 250255
- exe_type: loader
- extension: .bob
- server_id: 50
Signatures
- Gozi family
Files
- stage_2gozi.dll.dll regsvr32 windows x86
  3e85858f9f91b022a15a56437fb6f7c2
Headers
File Characteristics
- IMAGE_FILE_EXECUTABLE_IMAGE
- IMAGE_FILE_32BIT_MACHINE
Imports
- ntdll: _snwprintf, memset, NtQuerySystemInformation, _aulldiv, RtlUnwind, NtQueryVirtualMemory
- kernel32: SetThreadAffinityMask, CloseHandle, GetLocaleInfoA, GetSystemDefaultUILanguage, SetThreadPriority, HeapFree, Sleep, ExitThread, lstrlenW, GetLastError, VerLanguageNameA, GetExitCodeThread, HeapCreate, HeapDestroy, GetCurrentThread, SleepEx, WaitForSingleObject, InterlockedDecrement, InterlockedIncrement, HeapAlloc, GetModuleHandleA, GetModuleFileNameW, SetLastError, VirtualProtect, OpenProcess, CreateEventA, GetLongPathNameW, GetVersion, GetCurrentProcessId, TerminateThread, QueueUserAPC, CreateThread, GetProcAddress, LoadLibraryA, MapViewOfFile, GetSystemTimeAsFileTime, CreateFileMappingW
- advapi32: ConvertStringSecurityDescriptorToSecurityDescriptorA
Exports
Sections
- .text (Size: 6KB, Virtual size: 5KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 1KB, Virtual size: 1KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 512B, Virtual size: 604B): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .bss (Size: 1024B, Virtual size: 735B): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .reloc (Size: 29KB, Virtual size: 32KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ