gozi | 70855a2ce47a41d098654191f371425f5cbe5ef427808672c8e9adbde9b921d8

Sharing

Copy URL

Twitter E-mail

General

Target

70855a2ce47a41d098654191f371425f5cbe5ef427808672c8e9adbde9b921d8
Size

6.8MB
MD5

6c764b44fa70a6278585d73aa9628e92
SHA1

164cb720560831360e3387b49ce30661af5e00db
SHA256

70855a2ce47a41d098654191f371425f5cbe5ef427808672c8e9adbde9b921d8
SHA512

a9ce70f566a020759e1bc37f9bf704f88443fbb0b6a552e62ca4db0fee1c80caebec98bdaf037cd8eed89fe70646040335bb6ad36d38dacbdbe62c0f4a00fead
SSDEEP

98304:Ml0eMUmbMp/oC4lzgpl6caZK+YsYA5RexxbQh+ySzrA:MWe9tzYzgpl6X7/YA8ZA+DY

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70855a2ce47a41d098654191f371425f5cbe5ef427808672c8e9adbde9b921d8

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

70855a2ce47a41d098654191f371425f5cbe5ef427808672c8e9adbde9b921d8
.exe windows:6 windows x64 arch:x64

39906e0dda13f5b8742d1f6666e6a5dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

ShellExecuteA

dxgi

CreateDXGIFactory

kernel32

CloseHandle
WriteConsoleW
SetEndOfFile
HeapReAlloc
HeapSize
ReadConsoleW
ReadFile
FlushFileBuffers
CreateFileW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapFree
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

39906e0dda13f5b8742d1f6666e6a5dd

Headers

DLL Characteristics

File Characteristics

Imports

shell32

dxgi

kernel32

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 2.2MB - Virtual size: 2.2MB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 4.5MB - Virtual size: 4.5MB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 2.2MB - Virtual size: 2.2MB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 4.5MB - Virtual size: 4.5MB