gozi | 3f3fd650682d1b8e209c39552582cec2

General

Target

3f3fd650682d1b8e209c39552582cec2
Size

74KB
MD5

3f3fd650682d1b8e209c39552582cec2
SHA1

11c4c1ce4bb59542ec635939ab5d91efd6818d8c
SHA256

5d7f38eb4e6fe1e7eb4e60180ceed24d98e52e761ae52e5e524801b3999c9790
SHA512

f4f36d7ad946e61c737ebb9f0c63e56f1223cdf4fe14287b06ddb6b0b2fc98a8cdaa7965c4e2d4bb5a1da2257afa829ebd7fdfbb32224b5a79f82f9c60ff6919
SSDEEP

768:9+Nm1a2FmLZuLFU/r6aqpHk5PmQnFgovom4at99lfO1Qtw/qsqcm9/p8kAn45:99YULFU/rVKCKovomN0QGiFcmc4

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f3fd650682d1b8e209c39552582cec2

Files

3f3fd650682d1b8e209c39552582cec2
.exe windows:4 windows x86 arch:x86

c18c8e15f5796da3ee4df8124fe8b509

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
CloseHandle
ReleaseMutex
GetLastError
CreateMutexA
lstrcpyA
GetFileAttributesA
SetLastError
ExitProcess
SetFileAttributesA
SizeofResource
GetModuleFileNameA
LocalFileTimeToFileTime
SystemTimeToFileTime
LoadResource
FindResourceA
lstrcmpiA
FreeLibrary
GetProcAddress
LoadLibraryA
GetStringTypeA
LCMapStringW
GetTempPathA
GetSystemDirectoryA
lstrcatA
CreateFileA
lstrlenA
WriteFile
MoveFileA
DeleteFileA
GetWindowsDirectoryA
WritePrivateProfileStringA
SetFileTime
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
ReadFile
TerminateProcess
GetCurrentProcess
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
MultiByteToWideChar
LCMapStringA
GetStringTypeW

user32

wsprintfA

advapi32

OpenServiceA
StartServiceA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegSetValueExA
RegCreateKeyA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

c18c8e15f5796da3ee4df8124fe8b509

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 40KB - Virtual size: 40KB