gozi | 49fca0bda0e46b1bf70e9b4aad12cc98 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49fca0bda0e46b1bf70e9b4aad12cc98
Size

52KB
MD5

49fca0bda0e46b1bf70e9b4aad12cc98
SHA1

fdfe58f6a38cd86a5450e929f968b0c265fbebc7
SHA256

aa291b2443e1e8b4aea58a5127d9c55b5996578e60a79bfcdb976a9b6eaca782
SHA512

cfb4abdeb3e2e3581904bb82d281163c90e2e7cdd1a652fa5504ffd29232fbc8f93b919260daa67e3ab23a0ddf5dbaf0dbc9560615a3f773c325d3e12f87a68c
SSDEEP

768:6P+o2H/bSt2Zt1qwNHfczNJQzQLsF2PN9r8Aew7LY:mO/bUtwJmbwQLsFUPeiY

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49fca0bda0e46b1bf70e9b4aad12cc98

Files

49fca0bda0e46b1bf70e9b4aad12cc98
.exe windows:4 windows x86 arch:x86

b4be654700344f3a01d12b5b56049d2c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
fopen
fseek
fread
fclose
sprintf
strrchr
_except_handler3
_stricmp

kernel32

GetStartupInfoA
GetModuleHandleA
GetTempPathA
CreateProcessA
GetSystemDirectoryA
FindFirstFileA
FindClose
GetModuleFileNameA
CreateFileA
GetFileSize
GetProcessHeap
HeapAlloc
ReadFile
CloseHandle
WriteFile
SetFileTime
HeapFree

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE