General
Target: 949c6b5758c2ad61236d73dbbe8dcaba9dc9ee7ff982348551a244990ac8f0b9.zip
Size: 28KB
MD5: ad8d22d25b2729bad8a005a684ad3baa
SHA1: 88a1c4c3713933b4992bf46d0c099a18b4a73b73
SHA256: 91048c3b3c04026606edcb04fcad29063ff2138cbb8f61ca7090074ca5ad3155
SHA512: 56ae15b87b011826815a33d884c8022e83e5d01d649938bde4a8b71cd30e27201823f3eae6eb20b958ff4661fd9bac05a7c374b48ac304b6df0170c12e2bdec4
SSDEEP: 768:lFkhgY88YB/XzqRlkzgxSgcbV72nexpAKH:liV88YBckccHCne7AQ
Note: the hashes above are of the submitted archive, not of the DLL inside it; the DLL and its own hash are listed under Files below.
Malware Config
Extracted: gozi
7712
checklist.skype.com
62.173.141.36
31.41.44.85
193.233.175.98
46.8.210.110
89.116.227.49
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50
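The extracted configuration is only useful once it is turned into something that can be run over traffic. The following is an added example, not part of the sandbox report: it matches proxy log lines against the config values above (base_path, extension, and the hostname and addresses listed after the family name, which this example treats as the C2 set). The log format and the log lines are constructed; the IP addresses in them other than the reported ones come from documentation ranges. One caveat the example encodes: checklist.skype.com sits under a large legitimate service's domain, so a request to that host on its own is low confidence and should not be blocked or alerted on without the URI pattern or a listed address alongside it.

```python
"""Match proxy log lines against the Gozi configuration extracted in the report above.
Standard library only. The log lines are CONSTRUCTED and use documentation IP ranges;
the log format (ts src dst method url status) is an assumption, not any vendor's."""
import re
from urllib.parse import urlsplit

# Values copied from the extracted config above
C2_HOSTS = {"checklist.skype.com"}
C2_IPS = {"62.173.141.36", "31.41.44.85", "193.233.175.98", "46.8.210.110", "89.116.227.49"}
BASE_PATH = "/drew/"
EXTENSION = ".jlk"

# A hostname under a large legitimate service's domain cannot be blocked or alerted on
# by itself; treat it as low confidence unless the request also matches the URI pattern.
LOW_CONFIDENCE_HOSTS = {h for h in C2_HOSTS if h.endswith(".skype.com")}

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<method>[A-Z]+) "
                    r"(?P<url>\S+) (?P<status>\d{3})$")


def classify(line: str):
    """Return (severity, reasons) for one log line, or None when nothing matches."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    dst, url = m["dst"], urlsplit(m["url"])
    host = (url.hostname or "").lower()
    ip_hit = dst in C2_IPS or host in C2_IPS
    host_hit = host in C2_HOSTS
    path_hit = url.path.startswith(BASE_PATH) and url.path.endswith(EXTENSION)
    reasons = []
    if ip_hit:
        reasons.append(f"destination {dst} is a configured C2 address")
    if host_hit:
        reasons.append(f"host {host} is in the configured C2 list")
    if path_hit:
        reasons.append(f"URI path matches base_path {BASE_PATH} with extension {EXTENSION}")
    if not reasons:
        return None
    if ip_hit or (host_hit and path_hit):
        severity = "high"
    elif path_hit:
        severity = "medium"          # URI pattern only: C2 addresses rotate, still worth a look
    elif host in LOW_CONFIDENCE_HOSTS:
        severity = "low"             # legitimate-looking host with nothing else to support it
    else:
        severity = "high"
    return severity, reasons


def scan(lines):
    """Map each matching line number (1-based) to its (severity, reasons)."""
    hits = {}
    for n, line in enumerate(lines, 1):
        r = classify(line)
        if r:
            hits[n] = r
    return hits


SAMPLE_LOG = [   # constructed proxy log lines
    "2024-05-01T09:12:03Z 10.0.0.5 62.173.141.36 GET http://62.173.141.36/drew/Z1hN/2b.jlk 200",
    "2024-05-01T09:12:05Z 10.0.0.5 203.0.113.10 GET https://checklist.skype.com/ 200",
    "2024-05-01T09:13:41Z 10.0.0.7 198.51.100.4 GET http://198.51.100.4/drew/Q9/x1.jlk 404",
    "2024-05-01T09:14:00Z 10.0.0.9 192.0.2.1 GET http://example.com/index.html 200",
]

if __name__ == "__main__":
    for n, (sev, why) in scan(SAMPLE_LOG).items():
        print(f"line {n}: {sev}: {'; '.join(why)}")
```

Running it on the constructed lines gives high for the request to a listed address, medium for the base_path/extension pattern on an unlisted address, low for the bare skype.com hostname, and nothing for the benign line.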
Signatures
Gozi family
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: unpack001/949c6b5758c2ad61236d73dbbe8dcaba9dc9ee7ff982348551a244990ac8f0b9.dll
Files
949c6b5758c2ad61236d73dbbe8dcaba9dc9ee7ff982348551a244990ac8f0b9.zip (password: infected)
949c6b5758c2ad61236d73dbbe8dcaba9dc9ee7ff982348551a244990ac8f0b9.dll, windows x86, MD5: b1e1d582732e4e48ca192109b68c23b4
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
Imports: ord2, ord16, ord15, ord6 (imported by ordinal; the exporting module is not named in the report as captured here)
Sections:
.text   Size: 32KB  Virtual size: 29KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 4KB   Virtual size: 3KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 4KB   Virtual size: 1000B  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.bss    Size: 4KB   Virtual size: 3KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc  Size: 4KB   Virtual size: 4KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
Note: .bss is flagged IMAGE_SCN_CNT_INITIALIZED_DATA and occupies 4KB on disk. A conventional .bss is IMAGE_SCN_CNT_UNINITIALIZED_DATA with no raw data, so this section is worth inspecting for embedded data.
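The header facts above (file characteristics, section flags and sizes, and the missing Authenticode signature behind the Unsigned PE signature) can all be checked from the PE headers without running the sample. The following is an added example, not code from the sandbox or from this report: a standard-library PE32 header parser with the checks a reviewer would apply by hand. Because the DLL itself is not on this page, the parser is exercised on a header-only PE that the script constructs from the section table as printed above (sizes rounded as the report rounds them); the constants come from winnt.h.

```python
"""Header-level triage of a PE32 image: decode IMAGE_FILE_HEADER characteristics,
walk the section table and check the Authenticode data directory.
Standard library only. The sample bytes are CONSTRUCTED from the section table in
the report above (rounded sizes); they are not the real DLL."""
import struct

FILE_FLAGS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0100: "IMAGE_FILE_32BIT_MACHINE",
              0x2000: "IMAGE_FILE_DLL"}
CNT_CODE, CNT_INIT, CNT_UNINIT = 0x20, 0x40, 0x80
MEM_EXEC, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
SECURITY_DIR = 4            # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table


def parse_pe(data: bytes) -> dict:
    """Return file characteristics, section headers and the security directory size."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = pe + 4                                             # IMAGE_FILE_HEADER (20 bytes)
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]          # 0x10B = PE32, 0x20B = PE32+
    dd = opt + (96 if magic == 0x10B else 112) + SECURITY_DIR * 8
    _, sec_size = struct.unpack_from("<II", data, dd)       # file offset, size
    sections = []
    for i in range(nsec):
        off = opt + opt_size + i * 40                       # IMAGE_SECTION_HEADER
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sc = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "vaddr": vaddr, "rawsize": rawsize, "chars": sc})
    return {"machine": machine, "flags": [n for b, n in FILE_FLAGS.items() if chars & b],
            "security_size": sec_size, "sections": sections}


def triage(pe: dict) -> list:
    """Findings a reviewer would want from the headers alone."""
    out = []
    if pe["security_size"] == 0:
        out.append("unsigned: security data directory is empty (no Authenticode signature)")
    for s in pe["sections"]:
        c, name = s["chars"], s["name"]
        if c & MEM_WRITE and c & MEM_EXEC:
            out.append(f"{name}: writable and executable")
        if name == ".bss" and (c & CNT_INIT or s["rawsize"]):
            out.append(f"{name}: .bss flagged as initialized data with {s['rawsize']} raw bytes on disk")
        if s["vsize"] > 2 * max(s["rawsize"], 1):
            out.append(f"{name}: virtual size {s['vsize']} far exceeds raw size {s['rawsize']}")
    return out


def build_pe32(sections) -> bytes:
    """Emit a header-only PE32 DLL with the given (name, vsize, rawsize, chars) table.
    Constructed test input: no code, no imports, no certificate table."""
    pe_off, opt_size = 0x40, 0xE0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x2102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # all data directories zero
    table, vaddr, rawptr = b"", 0x1000, 0x400
    for name, vsize, rawsize, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)
        vaddr += (vsize + 0xFFF) & ~0xFFF
        rawptr += rawsize
    return dos + b"PE\0\0" + file_hdr + opt + table


# Section table transcribed from the report (sizes rounded as printed there)
REPORT_SECTIONS = [
    (".text",  29 * 1024, 32 * 1024, CNT_CODE | MEM_EXEC | MEM_READ),
    (".rdata",  3 * 1024,  4 * 1024, CNT_INIT | MEM_READ),
    (".data",       1000,  4 * 1024, CNT_INIT | MEM_READ | MEM_WRITE),
    (".bss",    3 * 1024,  4 * 1024, CNT_INIT | MEM_READ | MEM_WRITE),
    (".reloc",  4 * 1024,  4 * 1024, CNT_INIT | MEM_READ),
]


def analyze_report_sample():
    """Parse the constructed image and return (parsed headers, findings)."""
    pe = parse_pe(build_pe32(REPORT_SECTIONS))
    return pe, triage(pe)


if __name__ == "__main__":
    pe, findings = analyze_report_sample()
    print("file flags:", ", ".join(pe["flags"]))
    for s in pe["sections"]:
        print(f"{s['name']:<7} raw={s['rawsize']:>6} virt={s['vsize']:>6} chars=0x{s['chars']:08x}")
    for f in findings:
        print("!", f)
```

On the constructed image the script reports the three file characteristics shown above, the empty security directory (the same condition the Unsigned PE signature fires on), and the .bss section carrying initialized data on disk; no section is both writable and executable. Pointed at the real DLL (`parse_pe(open(path, "rb").read())`), the same checks apply unchanged, and the import-by-ordinal question would be answered by additionally walking the import directory (data directory 1), which this example leaves out.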