gozi | 94411f0873e6410d644c8a630ffbdf387639fab05fbcda468a343ff3b5db246f_dump[.]bin[.]exe | Triage

Sharing

General

Target

94411f0873e6410d644c8a630ffbdf387639fab05fbcda468a343ff3b5db246f_dump.bin.exe
Size

38KB
MD5

7732d02d81d8c0b5b22cd6eab1b754f6
SHA1

490743abb712f9875b9146e398a9e1b85ec84438
SHA256

5a71b92d9d691754a5ff056b7d4aa819e26f2e55485d17623c5be00e431d91f8
SHA512

d6e657d4824a4d79e771c3ec20006a216c4e25b47c2d9cdf230bc71973fd7fb0ec965aac8568f226d59d55dfe5705866b3f6e6b9e7d5d872afe15b2a96a77f19
SSDEEP

768:3yyQXfpwh0ZOds/5EXv2C54NbptaDL0grngoZHYgXLBYfUV:3y9fpvZOdsx2v2+4b/aDLDrnpYgXLKf

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Attributes

build
214084

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94411f0873e6410d644c8a630ffbdf387639fab05fbcda468a343ff3b5db246f_dump.bin.exe

Files

94411f0873e6410d644c8a630ffbdf387639fab05fbcda468a343ff3b5db246f_dump.bin.exe
.exe windows:4 windows x86 arch:x86

7dce9f9b33080abb2a66951c50e1b4e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess
GetCommandLineW
HeapDestroy
HeapCreate
GetLastError
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
lstrlenW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
VirtualAlloc
lstrcpyW
HeapAlloc
HeapFree
CreateFileMappingW
TlsGetValue
GetModuleFileNameW
OpenProcess
GetVersion
CreateEventA
GetLongPathNameW
VirtualProtect
lstrlenA
GetProcAddress
LoadLibraryA
DeleteCriticalSection
InitializeCriticalSection
TlsAlloc
TlsSetValue
TlsFree
LeaveCriticalSection
EnterCriticalSection

user32

wsprintfW

ntdll

memcpy
memset

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ