gozi | 646ab5eb6224824f04f4b78b80f47e2b7251c8ad9af55d806f7a016403f2fa45[.]zip

General

Target

646ab5eb6224824f04f4b78b80f47e2b7251c8ad9af55d806f7a016403f2fa45.zip
Size

28KB
MD5

275043632053fe7e857fc7d04170c39e
SHA1

a1be01fe4b56702858c4e176686a327593f02e5b
SHA256

057e29248321830650040ed04dadc60b68f38b2ae5cd2ebfb53525c6a0e1f46b
SHA512

895407378b2723d504b613cf2454fee4a73771bfd0a30b3921b35892488395faa1e31157eac28459b1a74ce947b31c1bd77e0f17067dc6cec6119feef6b66ebf
SSDEEP

768:Jse9OSfKtn277boeZ76rIl6TI3bHpnZeVDLXPrTyNgwa71Ms:JsejKtnUbvZ76rIl6TITneVvrTyNgSs

Score

10^/10

isfb 5050 gozi

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

91.215.85.201

Attributes

rsa_pubkey.plain

aes.plain

646ab5eb6224824f04f4b78b80f47e2b7251c8ad9af55d806f7a016403f2fa45.zip
.zip

Password: infected
646ab5eb6224824f04f4b78b80f47e2b7251c8ad9af55d806f7a016403f2fa45.dll
.dll windows x86

Password: infected

b1e1d582732e4e48ca192109b68c23b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ord2
ord16
ord15
ord6

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ