gozi | NEAS[.]41cb7cc0b64ce466a5d994d911f6f180_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.41cb7cc0b64ce466a5d994d911f6f180_JC.exe
Size

752KB
MD5

41cb7cc0b64ce466a5d994d911f6f180
SHA1

3fbe0a59c159db4c31da76a79abc5be651f4818f
SHA256

af5908102a3fa2c2d11b7a840c6b54dbbe04d3a79fdcb6ae4e35d49f3aafdf03
SHA512

271dcf142a09d1cf51dd90c7f42975f689d1343f755fe0ab7e2238c9a85acf4e1eaffcf023dfcc643c675d9a3490644886a63c7558ce705ff7e2b10bfcb4317f
SSDEEP

12288:/wBhHmq7dq93QKqZwe/85DLCamz5JxKCr2s3C3F2e0eqwweVwe1Bhvw:/YHI93Rq/U3pmdfK62JFpjL

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.41cb7cc0b64ce466a5d994d911f6f180_JC.exe

Files

NEAS.41cb7cc0b64ce466a5d994d911f6f180_JC.exe
.exe windows:5 windows x86

ebf76123c1fc25464cc973cb048acbab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetProcAddress
LoadLibraryA
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
SystemTimeToFileTime
LoadLibraryW
GetModuleHandleA
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
lstrlenW
WideCharToMultiByte
MoveFileExW
GetTempFileNameW
GetTempPathW
DeleteFileW
MoveFileW
WriteFile
ReadFile
GetFileSize
CreateFileW
SetFileAttributesW
CreateProcessW
GetModuleFileNameW
GetComputerNameA
Sleep
GetSystemTime
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
LocalAlloc
SetEndOfFile
WriteConsoleW
SetStdHandle
GetStringTypeW
InterlockedExchange
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
GetCurrentThreadId
EncodePointer
DecodePointer
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
MultiByteToWideChar
FreeLibrary

ole32

CoCreateInstance
CoInitialize

shell32

SHGetSpecialFolderPathW
ShellExecuteW

shlwapi

PathAddExtensionW
PathAppendW
PathRemoveExtensionW
PathFileExistsW
PathIsRootW

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

wGJxcwtu
Size: 5KB - Virtual size: 5KB

YeKjBagF
Size: 17KB - Virtual size: 17KB

zUWJJWZz
Size: 7KB - Virtual size: 7KB

gcmgKpJt
Size: 9KB - Virtual size: 8KB

iodwgvau
Size: 1KB - Virtual size: 1KB

hIVflNOU
Size: 1024B - Virtual size: 724B

EtNyMVeP
Size: 19KB - Virtual size: 19KB

TMwZJFmM
Size: 3KB - Virtual size: 2KB

rnUHrRCy
Size: 68KB - Virtual size: 68KB

vHhNdGDy
Size: 7KB - Virtual size: 6KB

Sharing

General

Malware Config

Extracted

Signatures

Files

ebf76123c1fc25464cc973cb048acbab

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

shell32

shlwapi

Sections

.text Size: 248KB - Virtual size: 248KB

.data Size: 312KB - Virtual size: 334KB

.rsrc Size: 49KB - Virtual size: 49KB

wGJxcwtu Size: 5KB - Virtual size: 5KB

YeKjBagF Size: 17KB - Virtual size: 17KB

zUWJJWZz Size: 7KB - Virtual size: 7KB

gcmgKpJt Size: 9KB - Virtual size: 8KB

iodwgvau Size: 1KB - Virtual size: 1KB

hIVflNOU Size: 1024B - Virtual size: 724B

EtNyMVeP Size: 19KB - Virtual size: 19KB

TMwZJFmM Size: 3KB - Virtual size: 2KB

rnUHrRCy Size: 68KB - Virtual size: 68KB

vHhNdGDy Size: 7KB - Virtual size: 6KB

.text
Size: 248KB - Virtual size: 248KB

.data
Size: 312KB - Virtual size: 334KB

.rsrc
Size: 49KB - Virtual size: 49KB

wGJxcwtu
Size: 5KB - Virtual size: 5KB

YeKjBagF
Size: 17KB - Virtual size: 17KB

zUWJJWZz
Size: 7KB - Virtual size: 7KB

gcmgKpJt
Size: 9KB - Virtual size: 8KB

iodwgvau
Size: 1KB - Virtual size: 1KB

hIVflNOU
Size: 1024B - Virtual size: 724B

EtNyMVeP
Size: 19KB - Virtual size: 19KB

TMwZJFmM
Size: 3KB - Virtual size: 2KB

rnUHrRCy
Size: 68KB - Virtual size: 68KB

vHhNdGDy
Size: 7KB - Virtual size: 6KB