gozi | 06b2c3b5030eed6705f8fb31360ce3a3

Sharing

Copy URL Twitter E-mail

General

Target

06b2c3b5030eed6705f8fb31360ce3a3
Size

242KB
MD5

06b2c3b5030eed6705f8fb31360ce3a3
SHA1

eb56f9a08540f7ed122a6dd15b90d166cf652c34
SHA256

02d6dffa6d68fc760a18c4efe0a07846d959fe3d15bc9206bb9f0e9e50d207e8
SHA512

ccc5ba8106e6595a22b51950e0adf772e1ab5c86507fbacaa1e7e0b7370d47d73f8ed1df162ea088d8c840295a385467d23c2679ecc78963b8c294784a8e9529
SSDEEP

6144:1mnZO0GDlypHAT/cxkDyPFXkfh+3m33c56Wjak4S3S83xk:1MZOrEpHAT/cLPF0Im3s56WjaCi8u

Score

10^/10

isfb 3500 gozi

Malware Config

Extracted

Family

gozi

Botnet

3500

art.microsoftsofymicrosoftsoft.at

r23cirt55ysvtdvl.onion

fop.langoonik.com

fog.taginoka.at

pop.biopiof.at

l46t3vgvmtx5wxe6.onion

v10.avyanok.com

apr.intoolkom.at

mas.nagonoman.at

Attributes

exe_type
worker
server_id
580

rsa_pubkey.plain

aes.plain

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06b2c3b5030eed6705f8fb31360ce3a3

Files

06b2c3b5030eed6705f8fb31360ce3a3
.dll windows:4 windows x64 arch:x64

8a5d8f502e35131a4443369f6ddb5a6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ZwQueryInformationToken
ZwClose
NtSetInformationProcess
sprintf
ZwOpenProcess
ZwOpenProcessToken
strcpy
ZwQueryInformationProcess
NtQuerySystemInformation
RtlNtStatusToDosError
RtlImageNtHeader
_wcsupr
memmove
mbstowcs
wcscpy
_snprintf
ZwQueryKey
RtlUpcaseUnicodeString
RtlFreeUnicodeString
_snwprintf
_strupr
wcstombs
memcpy
memset
RtlAdjustPrivilege
NtQueryInformationThread
__C_specific_handler
__chkstk
OpenEventA
VirtualProtectEx
CreateFileMappingW
GetModuleFileNameA
GetModuleFileNameW
TerminateThread
CreateThread
GetCurrentProcessId
IsWow64Process
GetVersion
GetLocalTime
GetComputerNameW
QueryPerformanceFrequency
QueryPerformanceCounter
HeapAlloc
HeapFree
CreateDirectoryA
GetLastError
RemoveDirectoryA
CloseHandle
LoadLibraryA
CreateFileA
DeleteFileA
lstrcpyA
lstrlenA
WriteFile
lstrcatA
HeapDestroy
HeapCreate
SetEvent
HeapReAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
ExitThread
TerminateProcess
GetTickCount
GetCurrentThread
lstrcmpA
Sleep
CopyFileW
CreateFileW
GetWindowsDirectoryA
DeleteFileW
EnterCriticalSection
ExitProcess
CreateDirectoryW
GetTempPathA
CreateEventA
GetCommandLineA
lstrcmpiW
WaitForSingleObject
SuspendThread
ResumeThread
LeaveCriticalSection
lstrcpyW
InitializeCriticalSection
lstrlenW
lstrcatW
SwitchToThread
SetWaitableTimer
OpenProcess
GetFileSize
GetCurrentThreadId
DuplicateHandle
MapViewOfFile
ResetEvent
UnmapViewOfFile
OpenWaitableTimerA
CreateMutexA
OpenMutexA
ReleaseMutex
CreateWaitableTimerA
SetLastError
lstrcmpiA
WaitForMultipleObjects
TlsGetValue
RegisterWaitForSingleObject
TlsAlloc
LoadLibraryExW
TlsSetValue
UnregisterWait
VirtualAlloc
VirtualProtect
GetTempFileNameA
RemoveVectoredExceptionHandler
VirtualFree
AddVectoredExceptionHandler
GetProcAddress
GetDriveTypeW
WideCharToMultiByte
GetLogicalDriveStringsW
OpenFileMappingA
GetExitCodeProcess
LocalFree
CreateProcessA
CreateFileMappingA
lstrcpynA
Thread32Next
Thread32First
CreateToolhelp32Snapshot
QueueUserAPC
OpenThread
WaitNamedPipeA
ReadFile
ConnectNamedPipe
GetOverlappedResult
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CallNamedPipeA
CreateNamedPipeA
GetSystemTime
SleepEx
LocalAlloc
FreeLibrary
RaiseException
VirtualQuery
DeleteCriticalSection
SetFilePointer
RemoveDirectoryW
ExpandEnvironmentStringsW
SetEndOfFile
FindClose
GetFileAttributesW
SetFilePointerEx
FindFirstFileW
FindNextFileW
GetVersionExA

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

8a5d8f502e35131a4443369f6ddb5a6c

Headers

File Characteristics

Imports

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 6KB

.bss Size: 8KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 8KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 4KB