gozi | NEAS[.]fa61e0ae14de41dd48458ec3b396e340_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.fa61e0ae14de41dd48458ec3b396e340_JC.exe
Size

247KB
MD5

fa61e0ae14de41dd48458ec3b396e340
SHA1

ffa1cab6fb68f5a25b2a3633b16c8041320b4cc1
SHA256

92b21a3ad0ab3e28a755cb173753976b49170ca850e5843a0b41d3b7d59c246c
SHA512

ae3abe09c2425894c6c5afd3621e6815605279eb45032fe244b4b5c6d3b012782ec6164488071e67977fc2e05b377c06f451817832fb04afadc63b178020e07e
SSDEEP

3072:jDTsdUa111d611/dGgdGb11/dGMHDNsdUa111dba1112oa11/dGiZ11/dGg:jcWa/n6/Vps/V/2Wa/nba/ta/Vp/V

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.fa61e0ae14de41dd48458ec3b396e340_JC.exe

Files

NEAS.fa61e0ae14de41dd48458ec3b396e340_JC.exe
.exe windows:5 windows x86

f88d3c770d02f1520497dca88cb94609

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

GetModuleFileNameW
HeapFree
GetCommandLineA
GetEnvironmentVariableA
SetEnvironmentVariableA
SetCurrentDirectoryA
Sleep
ExitProcess
CreateProcessA
GetSystemDirectoryA
lstrcpyA
lstrcatA
GetLastError
GetNativeSystemInfo
HeapAlloc
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetProcessHeap

user32

wsprintfA

shlwapi

StrToIntA
StrStrA
StrStrIA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

pNDYTNWP
Size: 4KB - Virtual size: 3KB

rfunbfEh
Size: 65KB - Virtual size: 65KB

MptglUZK
Size: 23KB - Virtual size: 23KB

WhRTSFty
Size: 9KB - Virtual size: 8KB

lPFxREUf
Size: 1024B - Virtual size: 612B

BaJRiRgZ
Size: 1024B - Virtual size: 911B

tRjDWRna
Size: 71KB - Virtual size: 71KB

PBWTRxYy
Size: 3KB - Virtual size: 3KB

JJCePsab
Size: 9KB - Virtual size: 9KB

QRndGxas
Size: 30KB - Virtual size: 29KB

Sharing

General

Malware Config

Extracted

Signatures

Files

f88d3c770d02f1520497dca88cb94609

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

shlwapi

Sections

.text Size: 4KB - Virtual size: 4KB

bss Size: - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 232B

pNDYTNWP Size: 4KB - Virtual size: 3KB

rfunbfEh Size: 65KB - Virtual size: 65KB

MptglUZK Size: 23KB - Virtual size: 23KB

WhRTSFty Size: 9KB - Virtual size: 8KB

lPFxREUf Size: 1024B - Virtual size: 612B

BaJRiRgZ Size: 1024B - Virtual size: 911B

tRjDWRna Size: 71KB - Virtual size: 71KB

PBWTRxYy Size: 3KB - Virtual size: 3KB

JJCePsab Size: 9KB - Virtual size: 9KB

QRndGxas Size: 30KB - Virtual size: 29KB

.text
Size: 4KB - Virtual size: 4KB

bss
Size: - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 232B

pNDYTNWP
Size: 4KB - Virtual size: 3KB

rfunbfEh
Size: 65KB - Virtual size: 65KB

MptglUZK
Size: 23KB - Virtual size: 23KB

WhRTSFty
Size: 9KB - Virtual size: 8KB

lPFxREUf
Size: 1024B - Virtual size: 612B

BaJRiRgZ
Size: 1024B - Virtual size: 911B

tRjDWRna
Size: 71KB - Virtual size: 71KB

PBWTRxYy
Size: 3KB - Virtual size: 3KB

JJCePsab
Size: 9KB - Virtual size: 9KB

QRndGxas
Size: 30KB - Virtual size: 29KB