Behavioral task: behavioral1
Sample: 2024-05-11_5332c0a59e1fbee2a7897c2a9dea9b3d_magniber.exe
Resource: win7-20240221-en

General
Target: 2024-05-11_5332c0a59e1fbee2a7897c2a9dea9b3d_magniber
Size: 15.9MB
MD5: 5332c0a59e1fbee2a7897c2a9dea9b3d
SHA1: 48e81304a02be2eada884d9bc8bc44b2aafebf16
SHA256: 65b790b69a022c8a968515fd8a535ff7785c885e56868f306171a63bd611bbb3
SHA512: 70a52983f234e23c36fc6bb9e091bbbbc566cccca6caab311c89b9e6f3f6c80de270a14f7c90fa4887b57c185b076e59b25ef3416b3af7918816af1cf1d23f17
SSDEEP: 393216:jgMdJwI3saK5c54u2srOQYiclgeOco9t/:jJL3Bu/QYisOH/

Malware Config
Extracted: gozi

Signatures
- Gozi family
- Unsigned PE (1 IoC): checks for a missing Authenticode signature. Resource: 2024-05-11_5332c0a59e1fbee2a7897c2a9dea9b3d_magniber
Files
- 2024-05-11_5332c0a59e1fbee2a7897c2a9dea9b3d_magniber.exe (windows:6, windows, x86, arch:x86)
b9a8b3b5438d47dc80212d0cee6d946c

Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports (grouped by DLL)
ws2_32:
socket
ntohl
recv
htonl
htons
send
inet_addr
select
gethostbyname
connect
WSAStartup
gdiplus:
GdiplusStartup
GdiplusShutdown
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipGetImageBounds
GdipCloneImage
GdipLoadImageFromStream
GdipDrawImageRectI
version:
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32:
RaiseException
DeleteCriticalSection
GetLastError
InitializeCriticalSectionEx
GlobalUnlock
GlobalFree
GetShortPathNameW
FreeLibrary
GetLocalTime
DecodePointer
GlobalAlloc
GlobalLock
VerifyVersionInfoW
VerSetConditionMask
GetProcAddress
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
CreateMutexW
GetCommandLineW
CloseHandle
LoadLibraryW
ReadFile
WriteFile
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
TerminateProcess
GetExitCodeProcess
TlsGetValue
TlsSetValue
OpenProcess
LoadLibraryA
GenerateConsoleCtrlEvent
SetEvent
ResetEvent
WaitForSingleObject
OpenEventA
CreateProcessA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
FormatMessageA
GetStartupInfoA
TlsAlloc
TlsFree
VirtualProtect
WriteProcessMemory
LockResource
GetSystemDefaultLangID
MulDiv
GlobalReAlloc
WideCharToMultiByte
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetDateFormatW
CreateFileW
GetTempPathW
GetFileAttributesW
GetWindowsDirectoryW
GetFileSize
GetSystemDirectoryW
InitializeCriticalSectionAndSpinCount
EncodePointer
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStdHandle
PeekNamedPipe
EnterCriticalSection
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
RemoveDirectoryW
SetEnvironmentVariableW
DeleteFileW
RtlUnwind
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
GetCPInfo
GetSystemTimeAsFileTime
LCMapStringEx
WaitForSingleObjectEx
GetStringTypeW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetFileInformationByHandleEx
MoveFileExW
AreFileApisANSI
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocaleInfoEx
LeaveCriticalSection
GetFullPathNameW
LocalFree
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetCurrentThreadId
HeapAlloc
SetLastError
GetCurrentProcessId
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapSize
HeapReAlloc
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
WriteConsoleW
GetSystemTime
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
GetFileType
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
user32:
DestroyWindow
UnregisterClassW
DialogBoxParamW
SetWindowLongW
CreateDialogParamW
DestroyIcon
EnableMenuItem
DefWindowProcW
GetDlgItem
IsWindow
SendMessageW
UpdateWindow
PostMessageW
LoadStringW
GetWindowLongW
EndDialog
MessageBoxW
ShowWindow
IsWindowVisible
GetActiveWindow
SetWindowTextW
DialogBoxIndirectParamW
PeekMessageW
TranslateAcceleratorW
GetDialogBaseUnits
FillRect
SetTimer
HideCaret
EndPaint
BeginPaint
GetDlgCtrlID
SetForegroundWindow
MoveWindow
ClientToScreen
ScreenToClient
KillTimer
IsWindowEnabled
IsDialogMessageW
CallWindowProcW
MonitorFromPoint
CreatePopupMenu
TrackPopupMenuEx
RemoveMenu
CreateWindowExW
MessageBeep
AppendMenuW
PtInRect
GetMenuItemCount
LoadCursorW
GetClassInfoExW
LoadImageW
GetSystemMetrics
RegisterClassExW
LoadAcceleratorsW
LoadMenuW
PostQuitMessage
LoadStringA
GetDC
GetClientRect
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
CheckMenuRadioItem
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SetFocus
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetParent
MapWindowPoints
EnableWindow
GetWindowTextW
GetWindowRect
InvalidateRect
DestroyMenu
SetWindowPos
GetMenu
gdi32:
CreateFontW
GetTextExtentPoint32W
GetStockObject
SelectObject
GetDeviceCaps
DeleteDC
DeleteObject
SetBkColor
comdlg32:
GetSaveFileNameW
GetOpenFileNameW
advapi32:
SetSecurityDescriptorDacl
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
IsTextUnicode
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExW
InitializeSecurityDescriptor
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
shell32:
ShellExecuteExW
SHGetMalloc
CommandLineToArgvW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathW
ole32:
CoInitializeSecurity
CoSetProxyBlanket
CreateStreamOnHGlobal
CLSIDFromString
StgOpenStorage
CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
oleaut32:
VarXor
VarOr
VarAnd
VarCmp
VarPow
VariantInit
VariantClear
VariantCopy
SysAllocString
SysFreeString
VarUI4FromStr
VariantChangeType
SysStringLen
SysStringByteLen
SysAllocStringByteLen
CreateErrorInfo
QueryPathOfRegTypeLi
LoadRegTypeLi
LoadTypeLibEx
VarMul
VarSu
VarAdd
VarDiv
VarIdiv
VarMod
comctl32:
InitCommonControlsEx
Sections
.text: Size 2.5MB, Virtual size 2.5MB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 612KB, Virtual size 611KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 55KB, Virtual size 269KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.JPc: Size 4.0MB, Virtual size 4.0MB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.J1E: Size 2KB, Virtual size 2KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ais: Size 3.9MB, Virtual size 3.9MB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc: Size 157KB, Virtual size 156KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc: Size 4.7MB, Virtual size 4.7MB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ