gozi | 3c9c685c1dc031960152d9f9ea2ab360

Sharing

Copy URL Twitter E-mail

General

Target

3c9c685c1dc031960152d9f9ea2ab360
Size

242KB
MD5

3c9c685c1dc031960152d9f9ea2ab360
SHA1

81bd1250506bc99cf63c2634cd0e1cebedb5414a
SHA256

ff26aca4c4abb054dabbbe7995ecdd67160b57f8876e3c4a05778e24479d14f9
SHA512

4c78b7beeb013d2d6dd2c418a921f33eb8569657641d31f893788f9cc3d4ccbcf74404fff7ce1170afa96bde86732e82781ab25642044d9b27ba7ddbecc09cdf
SSDEEP

6144:1mnZO0GDlypHAT/cxkDyPFXkfh+3m33c56Wjak4STS83x:1MZOrEpHAT/cLPF0Im3s56WjaCG8

Score

10^/10

isfb 3500 gozi

Malware Config

Extracted

Family

gozi

Botnet

3500

art.microsoftsofymicrosoftsoft.at

r23cirt55ysvtdvl.onion

fop.langoonik.com

fog.taginoka.at

pop.biopiof.at

l46t3vgvmtx5wxe6.onion

v10.avyanok.com

apr.intoolkom.at

mas.nagonoman.at

Attributes

exe_type
worker
server_id
580

rsa_pubkey.plain

aes.plain

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c9c685c1dc031960152d9f9ea2ab360

Files

3c9c685c1dc031960152d9f9ea2ab360
.dll windows:4 windows x64 arch:x64

8a5d8f502e35131a4443369f6ddb5a6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ZwQueryInformationToken
ZwClose
NtSetInformationProcess
sprintf
ZwOpenProcess
ZwOpenProcessToken
strcpy
ZwQueryInformationProcess
NtQuerySystemInformation
RtlNtStatusToDosError
RtlImageNtHeader
_wcsupr
memmove
mbstowcs
wcscpy
_snprintf
ZwQueryKey
RtlUpcaseUnicodeString
RtlFreeUnicodeString
_snwprintf
_strupr
wcstombs
memcpy
memset
RtlAdjustPrivilege
NtQueryInformationThread
__C_specific_handler
__chkstk
OpenEventA
VirtualProtectEx
CreateFileMappingW
GetModuleFileNameA
GetModuleFileNameW
TerminateThread
CreateThread
GetCurrentProcessId
IsWow64Process
GetVersion
GetLocalTime
GetComputerNameW
QueryPerformanceFrequency
QueryPerformanceCounter
HeapAlloc
HeapFree
CreateDirectoryA
GetLastError
RemoveDirectoryA
CloseHandle
LoadLibraryA
CreateFileA
DeleteFileA
lstrcpyA
lstrlenA
WriteFile
lstrcatA
HeapDestroy
HeapCreate
SetEvent
HeapReAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
ExitThread
TerminateProcess
GetTickCount
GetCurrentThread
lstrcmpA
Sleep
CopyFileW
CreateFileW
GetWindowsDirectoryA
DeleteFileW
EnterCriticalSection
ExitProcess
CreateDirectoryW
GetTempPathA
CreateEventA
GetCommandLineA
lstrcmpiW
WaitForSingleObject
SuspendThread
ResumeThread
LeaveCriticalSection
lstrcpyW
InitializeCriticalSection
lstrlenW
lstrcatW
SwitchToThread
SetWaitableTimer
OpenProcess
GetFileSize
GetCurrentThreadId
DuplicateHandle
MapViewOfFile
ResetEvent
UnmapViewOfFile
OpenWaitableTimerA
CreateMutexA
OpenMutexA
ReleaseMutex
CreateWaitableTimerA
SetLastError
lstrcmpiA
WaitForMultipleObjects
TlsGetValue
RegisterWaitForSingleObject
TlsAlloc
LoadLibraryExW
TlsSetValue
UnregisterWait
VirtualAlloc
VirtualProtect
GetTempFileNameA
RemoveVectoredExceptionHandler
VirtualFree
AddVectoredExceptionHandler
GetProcAddress
GetDriveTypeW
WideCharToMultiByte
GetLogicalDriveStringsW
OpenFileMappingA
GetExitCodeProcess
LocalFree
CreateProcessA
CreateFileMappingA
lstrcpynA
Thread32Next
Thread32First
CreateToolhelp32Snapshot
QueueUserAPC
OpenThread
WaitNamedPipeA
ReadFile
ConnectNamedPipe
GetOverlappedResult
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CallNamedPipeA
CreateNamedPipeA
GetSystemTime
SleepEx
LocalAlloc
FreeLibrary
RaiseException
VirtualQuery
DeleteCriticalSection
SetFilePointer
RemoveDirectoryW
ExpandEnvironmentStringsW
SetEndOfFile
FindClose
GetFileAttributesW
SetFilePointerEx
FindFirstFileW
FindNextFileW
GetVersionExA

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

8a5d8f502e35131a4443369f6ddb5a6c

Headers

File Characteristics

Imports

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 6KB

.bss Size: 8KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 8KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 4KB