gozi | 32137922f9895ccb2da4cfc2072e0e51

Sharing

Copy URL

Twitter E-mail

General

Target

32137922f9895ccb2da4cfc2072e0e51
Size

812KB
MD5

32137922f9895ccb2da4cfc2072e0e51
SHA1

3caa3278df48c93d8e0b7cba86b0cb4771fac1fd
SHA256

86edabc19553f9a8b1e654255f1be0066867d5096f35a03bc4479ea66f44c6d7
SHA512

7e9f5a49832ad092d0167c1b5d45fa77cfdd4291a4092d2521e8e9925d2ec885382438f8b498d317d6b07e4eb1b1f75b28202c6977a941021d7aef00c17e45b5
SSDEEP

12288:maH5RxR49LfLMI/3GLvJozrM2Fy+6sYDRS54gA:x45fLMI/VTFy+L9HA

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32137922f9895ccb2da4cfc2072e0e51

Files

32137922f9895ccb2da4cfc2072e0e51
.dll windows:4 windows x86 arch:x86

fc34ded10b4ffe0c0a7a5c6c5f69b11a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
OpenProcess
GetCurrentThread
DuplicateHandle
FlushFileBuffers
ReleaseMutex
CreateMutexA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
FormatMessageA
WaitForMultipleObjects
OpenEventA
ResetEvent
GetVolumeInformationA
GetVersionExA
RemoveDirectoryA
DeviceIoControl
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateDirectoryA
GetWindowsDirectoryA
GetProcessHeap
GetFullPathNameA
LocalFree
GetShortPathNameA
TerminateProcess
CompareStringW
CompareStringA
WriteConsoleW
GetComputerNameA
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
HeapSize
HeapReAlloc
VirtualAlloc
VirtualFree
ExitProcess
GetStdHandle
LCMapStringW
LCMapStringA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
GetDateFormatA
GetTimeFormatA
RaiseException
GetDriveTypeA
CreateThread
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
GetTimeZoneInformation
GetLocalTime
GetCurrentProcess
SetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
GetCurrentProcessId
DisableThreadLibraryCalls
SetLastError
SetThreadPriority
TerminateThread
GetFileTime
SetFileTime
OutputDebugStringA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
GetFileSize
GetCurrentDirectoryA
SetCurrentDirectoryA
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
FindNextFileA
FindClose
GetModuleHandleA
GetLastError
InitializeCriticalSection
CreateEventA
ResumeThread
SetEvent
InterlockedIncrement
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
DeleteCriticalSection
GetDiskFreeSpaceA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
MoveFileA
DeleteFileA
GetVersion
GetSystemDirectoryA
GetTickCount
WriteFile
CreateFileA
ReadFile
SetFilePointer
CloseHandle
GetConsoleOutputCP
VirtualProtect

user32

ExitWindowsEx
GetForegroundWindow
EnumDisplaySettingsA
PostQuitMessage
UnregisterHotKey
RegisterHotKey
LoadCursorA
ToAsciiEx
GetKeyboardLayout
PostMessageA
wsprintfA
GetCursorPos
SetWindowLongA
IsWindow
DefWindowProcA
GetWindowLongA
CreateWindowExA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
DestroyMenu
LoadImageA
SetTimer
EnumWindows
GetKeyNameTextA
GetKeyState
GetAsyncKeyState
FindWindowA
GetWindowThreadProcessId
OpenDesktopA
OpenInputDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
GetUserObjectInformationA
SetThreadDesktop
SetProcessWindowStation
CloseDesktop
CloseWindowStation
MessageBoxA
LoadStringA
SendMessageA
DialogBoxParamA
SetDlgItemTextA
SetPropA
SetForegroundWindow
EndDialog
PostThreadMessageA
GetClassNameA
GetWindowRect
GetDC
ReleaseDC
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
DestroyWindow
UnregisterClassA
RegisterClassA
LoadIconA

gdi32

GdiFlush
CreateCompatibleDC
CreateDIBSection
BitBlt
DeleteObject
GetDeviceCaps
SelectObject
CreateCompatibleBitmap
CreateDCA
GetStockObject
DeleteDC

advapi32

InitiateSystemShutdownA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
LogonUserA
RegEnumValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RevertToSelf
GetSidLengthRequired
GetTokenInformation
LookupAccountSidA
ImpersonateLoggedOnUser
DuplicateToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA
SHLoadInProc

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
StringFromCLSID
CoCreateInstance

oleaut32

SysFreeString
SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
IAlloc
QueueMemory

Sections

.text
Size: 492KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

fc34ded10b4ffe0c0a7a5c6c5f69b11a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 492KB - Virtual size: 488KB

.rdata Size: 212KB - Virtual size: 210KB

.data Size: 56KB - Virtual size: 53KB

.shared Size: 8KB - Virtual size: 7KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 492KB - Virtual size: 488KB

.rdata
Size: 212KB - Virtual size: 210KB

.data
Size: 56KB - Virtual size: 53KB

.shared
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 32KB - Virtual size: 31KB