General
-
Target
FinalGozi.bin
-
Size
52KB
-
MD5
3138c578f189c2249f30f059770373ae
-
SHA1
2efcf56a8280ee8f232b7cc29fef4f312d72b23c
-
SHA256
8848de19fcd990ad9192fb701b18b5d93197ab79815adea2ffe17d0823340639
-
SHA512
bc80186224181fbd4e9b2fc54979ee6f150405ffa066d51f8e77ddcc7ba4786b39eff0ad9042413b6443673f115400a7046cd3252899e338e7d622d1e638d199
-
SSDEEP
768:HV0tqfDTBBqcaT/4x41OaQhH+wp436hxnavWNYZLfRgh0dMRPhK3D1Gc:HetqCT/40O3XpBa5ZLfRgadMeD1Gc
Malware Config
Extracted
gozi
7709
checklist.skype.com
62.173.141.252
31.41.44.33
109.248.11.112
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Signatures
-
Gozi family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource FinalGozi.bin
Files
-
FinalGozi.bin.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ