gozi | c62763c8dd7c8bd3d94240bdc1f8eba8

Sharing

Copy URL Twitter E-mail

General

Target

c62763c8dd7c8bd3d94240bdc1f8eba8
Size

242KB
MD5

c62763c8dd7c8bd3d94240bdc1f8eba8
SHA1

3cddecdc77d50b35cca9fc878d6656d8dec73174
SHA256

21db22341a086b1942852263de93d3c761fabf6233b9ea00b45983ac2c2b1774
SHA512

1efb00e16d908038bcad6f36ce60147dc07f46cb29e2e0fdb485e6aebc68b29e61ce5190cbf1adf8f8677633c5a69c8bd70d30421b74e638ce9317c4351d601b
SSDEEP

6144:tmnZO0GDlypHAT/cxkDyPFXkfh+3m33c5TWjak4SQS83x:tMZOrEpHAT/cLPF0Im3s5TWjaCB8

Score

10^/10

isfb 2500 gozi

Malware Config

Extracted

Family

gozi

Botnet

2500

art.microsoftsofymicrosoftsoft.at

apr.intoolkom.at

r23cirt55ysvtdvl.onion

gta5.fifatalk.at

pop.biopiof.at

l46t3vgvmtx5wxe6.onion

v10.avyanok.com

free.monotreener.com

sam.fafona.at

Attributes

exe_type
worker
server_id
580

rsa_pubkey.plain

aes.plain

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c62763c8dd7c8bd3d94240bdc1f8eba8

Files

c62763c8dd7c8bd3d94240bdc1f8eba8
.dll windows:4 windows x64 arch:x64

8a5d8f502e35131a4443369f6ddb5a6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ZwQueryInformationToken
ZwClose
NtSetInformationProcess
sprintf
ZwOpenProcess
ZwOpenProcessToken
strcpy
ZwQueryInformationProcess
NtQuerySystemInformation
RtlNtStatusToDosError
RtlImageNtHeader
_wcsupr
memmove
mbstowcs
wcscpy
_snprintf
ZwQueryKey
RtlUpcaseUnicodeString
RtlFreeUnicodeString
_snwprintf
_strupr
wcstombs
memcpy
memset
RtlAdjustPrivilege
NtQueryInformationThread
__C_specific_handler
__chkstk
OpenEventA
VirtualProtectEx
CreateFileMappingW
GetModuleFileNameA
GetModuleFileNameW
TerminateThread
CreateThread
GetCurrentProcessId
IsWow64Process
GetVersion
GetLocalTime
GetComputerNameW
QueryPerformanceFrequency
QueryPerformanceCounter
HeapAlloc
HeapFree
CreateDirectoryA
GetLastError
RemoveDirectoryA
CloseHandle
LoadLibraryA
CreateFileA
DeleteFileA
lstrcpyA
lstrlenA
WriteFile
lstrcatA
HeapDestroy
HeapCreate
SetEvent
HeapReAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
ExitThread
TerminateProcess
GetTickCount
GetCurrentThread
lstrcmpA
Sleep
CopyFileW
CreateFileW
GetWindowsDirectoryA
DeleteFileW
EnterCriticalSection
ExitProcess
CreateDirectoryW
GetTempPathA
CreateEventA
GetCommandLineA
lstrcmpiW
WaitForSingleObject
SuspendThread
ResumeThread
LeaveCriticalSection
lstrcpyW
InitializeCriticalSection
lstrlenW
lstrcatW
SwitchToThread
SetWaitableTimer
OpenProcess
GetFileSize
GetCurrentThreadId
DuplicateHandle
MapViewOfFile
ResetEvent
UnmapViewOfFile
OpenWaitableTimerA
CreateMutexA
OpenMutexA
ReleaseMutex
CreateWaitableTimerA
SetLastError
lstrcmpiA
WaitForMultipleObjects
TlsGetValue
RegisterWaitForSingleObject
TlsAlloc
LoadLibraryExW
TlsSetValue
UnregisterWait
VirtualAlloc
VirtualProtect
GetTempFileNameA
RemoveVectoredExceptionHandler
VirtualFree
AddVectoredExceptionHandler
GetProcAddress
GetDriveTypeW
WideCharToMultiByte
GetLogicalDriveStringsW
OpenFileMappingA
GetExitCodeProcess
LocalFree
CreateProcessA
CreateFileMappingA
lstrcpynA
Thread32Next
Thread32First
CreateToolhelp32Snapshot
QueueUserAPC
OpenThread
WaitNamedPipeA
ReadFile
ConnectNamedPipe
GetOverlappedResult
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CallNamedPipeA
CreateNamedPipeA
GetSystemTime
SleepEx
LocalAlloc
FreeLibrary
RaiseException
VirtualQuery
DeleteCriticalSection
SetFilePointer
RemoveDirectoryW
ExpandEnvironmentStringsW
SetEndOfFile
FindClose
GetFileAttributesW
SetFilePointerEx
FindFirstFileW
FindNextFileW
GetVersionExA

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

8a5d8f502e35131a4443369f6ddb5a6c

Headers

File Characteristics

Imports

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 6KB

.bss Size: 8KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 8KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 4KB