gozi | 4f8ff35c13bc0b82bff19a6fd8b32760_dll64_JC[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

4f8ff35c13bc0b82bff19a6fd8b32760_dll64_JC.dll
Size

144KB
MD5

4f8ff35c13bc0b82bff19a6fd8b32760
SHA1

5076af8f1a59c8fc56d405a868820676702b5b97
SHA256

135e41bbfe6a0a107cc917733714ae1fb7bf19092fb14aec4788c6136793dda2
SHA512

039cff089a58b087c6a34acbad45b39048e0ae132329068d7a044efe1a226db3e0045094fb740fab255bb96d8457fcff497503042fd1bdc7a639f86af3380a1f
SSDEEP

3072:R62geqsPhgYn3OrQTREpF6/E8ReqCoq/EgY/Wi:R3iQ1EpF0GqCoqj

Score

10^/10

isfb 1000 gozi

Malware Config

Extracted

Family

gozi

Botnet

1000

178.32.151.23

Attributes

exe_type
worker

rsa_pubkey.plain

serpent.plain

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f8ff35c13bc0b82bff19a6fd8b32760_dll64_JC.dll

Files

4f8ff35c13bc0b82bff19a6fd8b32760_dll64_JC.dll
.dll windows:4 windows x64

65ec7e8ab888d9ec7ad50eeab02bca5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

ZwOpenProcess
sprintf
ZwOpenProcessToken
ZwQueryInformationToken
strcpy
NtGetContextThread
ZwQueryInformationProcess
NtSetContextThread
wcsncat
NtMapViewOfSection
NtUnmapViewOfSection
ZwClose
RtlNtStatusToDosError
NtCreateSection
_strupr
_wcsupr
strstr
memset
wcscpy
wcstombs
mbstowcs
memcpy
RtlAdjustPrivilege
__C_specific_handler

kernel32

lstrcpynA
FileTimeToLocalFileTime
GetModuleFileNameA
CreateRemoteThread
VirtualFree
FileTimeToSystemTime
GetLocalTime
VirtualAllocEx
VirtualAlloc
OpenProcess
GetVersion
CreateDirectoryA
GetLastError
RemoveDirectoryA
CloseHandle
HeapFree
LoadLibraryA
DeleteFileA
lstrcpyA
CreateFileA
lstrcatA
lstrlenA
WriteFile
HeapAlloc
HeapDestroy
HeapCreate
SetEvent
HeapReAlloc
GetTickCount
Sleep
GetCurrentProcessId
CopyFileW
lstrlenW
GetTempPathA
SuspendThread
ResumeThread
CreateEventA
lstrcpyW
GetCurrentThread
GetProcAddress
SetWaitableTimer
CreateThread
GetSystemTimeAsFileTime
GetWindowsDirectoryA
GetModuleHandleA
GetCurrentProcess
lstrcatW
CreateDirectoryW
GetCurrentThreadId
DeleteFileW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
CreateWaitableTimerA
SwitchToThread
WaitForMultipleObjects
WaitForSingleObject
GetComputerNameW
LeaveCriticalSection
EnterCriticalSection
CreateMutexA
LoadLibraryExW
SetLastError
UnregisterWait
RegisterWaitForSingleObject
WideCharToMultiByte
GetLogicalDriveStringsW
GetFileAttributesA
GetExitCodeProcess
GetFileSize
OpenFileMappingA
GetTempFileNameA
GetFileAttributesW
CreateProcessA
CreateFileMappingA
CreateFileW
GetDriveTypeW
QueueUserWorkItem
GlobalLock
GlobalUnlock
lstrcmpiA
QueueUserAPC
OpenThread
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetOverlappedResult
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
CallNamedPipeA
GetSystemTime
WaitNamedPipeA
ReadFile
ConnectNamedPipe
lstrcmpW
SleepEx
InitializeCriticalSection
ResetEvent
SetEndOfFile
LocalAlloc
LocalFree
FreeLibrary
RaiseException
lstrcmpA
DeleteCriticalSection
VirtualProtect
FindNextFileA
ExpandEnvironmentStringsW
FindClose
FindFirstFileA
FindNextFileW
SetFilePointer
FindFirstFileW
ExpandEnvironmentStringsA
WriteProcessMemory
ReadProcessMemory
VirtualProtectEx
GetThreadContext

Exports

Exports

CreateProcessNotify

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

65ec7e8ab888d9ec7ad50eeab02bca5a

Headers

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 6KB - Virtual size: 6KB

.pdata Size: 4KB - Virtual size: 3KB

.bss Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 6KB - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 3KB

.bss
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 4KB