gozi | 6fc35881b26e45811712f90eec453b0e4e5521433bd95ecad81f42b7176b60c5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6fc35881b26e45811712f90eec453b0e4e5521433bd95ecad81f42b7176b60c5
Size

2.8MB
MD5

86b4bb32fe2ee69412742f752565a79e
SHA1

f45a3c031c04759a86d719551c839f6c1cbb3909
SHA256

6fc35881b26e45811712f90eec453b0e4e5521433bd95ecad81f42b7176b60c5
SHA512

055d170a6c586c4f3ae7ad38563baf75b1ca8e7256b2cc714a470f987968ce60b748fa693a016c8c8b57c6e240d31832c0e33b491730509001657ae42db98314
SSDEEP

24576:X26VE3vjNsG6EhpaK3meJg7Am5f8NteGP0RESqqwBtnoLLYGB2onn36xxHYQlm3n:X233T9tQB2Bc3Fjh

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fc35881b26e45811712f90eec453b0e4e5521433bd95ecad81f42b7176b60c5

Files

6fc35881b26e45811712f90eec453b0e4e5521433bd95ecad81f42b7176b60c5
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 594KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mackt
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE