Behavioral task
behavioral1
Sample
49fca0bda0e46b1bf70e9b4aad12cc98.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
49fca0bda0e46b1bf70e9b4aad12cc98.exe
Resource
win10v2004-20231215-en
General
-
Target
49fca0bda0e46b1bf70e9b4aad12cc98
-
Size
52KB
-
MD5
49fca0bda0e46b1bf70e9b4aad12cc98
-
SHA1
fdfe58f6a38cd86a5450e929f968b0c265fbebc7
-
SHA256
aa291b2443e1e8b4aea58a5127d9c55b5996578e60a79bfcdb976a9b6eaca782
-
SHA512
cfb4abdeb3e2e3581904bb82d281163c90e2e7cdd1a652fa5504ffd29232fbc8f93b919260daa67e3ab23a0ddf5dbaf0dbc9560615a3f773c325d3e12f87a68c
-
SSDEEP
768:6P+o2H/bSt2Zt1qwNHfczNJQzQLsF2PN9r8Aew7LY:mO/bUtwJmbwQLsFUPeiY
Malware Config
Extracted
gozi
Signatures
-
Gozi family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 49fca0bda0e46b1bf70e9b4aad12cc98
Files
-
49fca0bda0e46b1bf70e9b4aad12cc98.exe windows:4 windows x86 arch:x86
b4be654700344f3a01d12b5b56049d2c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
fopen
fseek
fread
fclose
sprintf
strrchr
_except_handler3
_stricmp
kernel32
GetStartupInfoA
GetModuleHandleA
GetTempPathA
CreateProcessA
GetSystemDirectoryA
FindFirstFileA
FindClose
GetModuleFileNameA
CreateFileA
GetFileSize
GetProcessHeap
HeapAlloc
ReadFile
CloseHandle
WriteFile
SetFileTime
HeapFree
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE