gozi[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gozi.dll
Size

675KB
MD5

0acd60544d3348fa95341f10b1f26123
SHA1

52443a01d8a4f68b0971e7439e2ce0cc7f0051ff
SHA256

ebd73a3f010aa3cf01059a4c08f9f70d0d7d4d671e76d024e5dfd60b27e92a66
SHA512

e50ffaa44b9c5482201414000859ffb97ad46a4e6a1457944f32d6f9c7e840860dc66894959db3f46966023e5233291a4b144416b7f853f54c3712d47ea7d9de
SSDEEP

12288:AioSAWNEDdnKh0TmR/Y+O1J5xr35OTal8Gc9RO8p8irjWHhIxF:AiHAWa1bmR/k1J5xr5OTal8GkRL8irjV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gozi.dll

Files

gozi.dll
.dll regsvr32 windows x86

4e300a8f3074b0a71c5ff4a85e11a4d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CloseHandle
GetLastError
GetCurrentDirectoryA
CreateThread
FindFirstFileA
FindNextFileA
GetCurrentThreadId
SetCurrentDirectoryA
DeleteFileA
CreateFileMappingA
SetFileTime
OpenFileMappingA
CreateNamedPipeA
VirtualAlloc
ExitThread
TransactNamedPipe
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
RaiseException

Exports

Exports

DllRegisterServer
JlVE
OFQD68
WFGuxr852wU8
Wqph687sw
XNCGi34

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 201KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e300a8f3074b0a71c5ff4a85e11a4d6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 411KB - Virtual size: 410KB

.data Size: 201KB - Virtual size: 203KB

.gfids Size: 512B - Virtual size: 160B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 411KB - Virtual size: 410KB

.data
Size: 201KB - Virtual size: 203KB

.gfids
Size: 512B - Virtual size: 160B

.reloc
Size: 5KB - Virtual size: 4KB