General
-
Target
260687b1e1ee90adb739fa9e618be63ae531952ad3f955b8d6ce70c773cd5cf5
-
Size
294.8MB
-
Sample
240613-c63yks1gqc
-
MD5
67a5831b686c19fb480396f98f1079bc
-
SHA1
d05134893047f3e4f5293242a4e68a8ec55aa624
-
SHA256
260687b1e1ee90adb739fa9e618be63ae531952ad3f955b8d6ce70c773cd5cf5
-
SHA512
a3eb042fe14caf631c53fd459f0df6529f859f9281cba44816584ed4f56ba9e02bbdd65c5e8c1e9f35d6cc66879fa4506cdc2a2c7b82f572ca61ce54487a6476
-
SSDEEP
6291456:IZfdwL7u84xrkvjmqaZ/eHu/bKZ+XaYRzZo/9AZ3mNpMFUTE+7enjrsJovsu1SgB:2dQB0kjSbXGfQcq09Y
Behavioral task
behavioral1
Sample
Virussign.2024.06.08/virussign.com_001d2d017b5a7716053d3f1486270f41.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
Virussign.2024.06.08/virussign.com_001d2d017b5a7716053d3f1486270f41.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
Virussign.2024.06.08/virussign.com_00d73b2201d137dafcd073e6f90ed283.exe
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Virussign.2024.06.08/virussign.com_00d73b2201d137dafcd073e6f90ed283.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
Virussign.2024.06.08/virussign.com_012d6250b2f03cc71381041c4eeeb50a.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
Virussign.2024.06.08/virussign.com_012d6250b2f03cc71381041c4eeeb50a.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Virussign.2024.06.08/virussign.com_0253492c47e1aae5c1906a4b099e13b9.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Virussign.2024.06.08/virussign.com_0253492c47e1aae5c1906a4b099e13b9.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
Virussign.2024.06.08/virussign.com_025c0616d26ebf93aa583d575245bf35.exe
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
Virussign.2024.06.08/virussign.com_025c0616d26ebf93aa583d575245bf35.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
Virussign.2024.06.08/virussign.com_02c31485fa69ef9d1a370034d043587d.exe
Resource
win7-20240220-en
Behavioral task
behavioral12
Sample
Virussign.2024.06.08/virussign.com_02c31485fa69ef9d1a370034d043587d.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
Virussign.2024.06.08/virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
Virussign.2024.06.08/virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
Virussign.2024.06.08/virussign.com_03d6ebf12ae52644ac8fbc893526aaad.exe
Resource
win7-20240611-en
Behavioral task
behavioral16
Sample
Virussign.2024.06.08/virussign.com_03d6ebf12ae52644ac8fbc893526aaad.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
Virussign.2024.06.08/virussign.com_0437640434489c178ddce32f6bc8bd9c.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
Virussign.2024.06.08/virussign.com_0437640434489c178ddce32f6bc8bd9c.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
Virussign.2024.06.08/virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
Virussign.2024.06.08/virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
Virussign.2024.06.08/virussign.com_0622fa4ddac7802def045e83a4ccb8c5.exe
Resource
win7-20240611-en
Behavioral task
behavioral22
Sample
Virussign.2024.06.08/virussign.com_0622fa4ddac7802def045e83a4ccb8c5.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/NSIS_Picasa_Unicode.dll
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/NSIS_Picasa_Unicode.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240611-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240611-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
$SYSDIR/GPhotos.scr
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
$SYSDIR/GPhotos.scr
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
$TEMP/PicasaInstaller/spmsg.dll
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
$TEMP/PicasaInstaller/spmsg.dll
Resource
win10v2004-20240611-en
Malware Config
Extracted
gozi
Targets
-
-
Target
Virussign.2024.06.08/virussign.com_001d2d017b5a7716053d3f1486270f41.vir
-
Size
264KB
-
MD5
001d2d017b5a7716053d3f1486270f41
-
SHA1
134e90a630685756e64d4f9261a42b16a429bfb4
-
SHA256
6ded4860d0d448a3d6be053aeeb5dc5807237c626dde9e8753fb8e391a20085f
-
SHA512
dea76160993edc1e8b7e521a312fc8ad6b24fb13686650788ae17b573e7a6f0f56862c9368e9f18671d9efaa341cbbfcd03627f0fd8eb75c0985d6206ac9f0fe
-
SSDEEP
3072:V0Yi1Dv5+lRM0kkE0SrkY96A07YJqm05ieY639:VSDv5+lRM0kkE0Srk7r7AqmkYW
Score 1/10
-
-
Target
Virussign.2024.06.08/virussign.com_00d73b2201d137dafcd073e6f90ed283.vir
-
Size
133KB
-
MD5
f4ab74d27fd8116fe2c37d8154855a9d (note: differs from the MD5 embedded in the target file name, 00d73b2201d137dafcd073e6f90ed283)
-
SHA1
f09675326f81ab0271871adad9c7c65fee0a1446
-
SHA256
7edda9eb5d207df8bde583a00b614c0f50cb5f72f0a3877777a2c65909a34af9
-
SHA512
be88b2e52e5affd34a2ada17a71858bef1ad7589390545cd2d1e291e24c9cd1c5e532aabff118abf9552d5ef889f36a2c6dd0691777422b77c6f2f210c015b6d
-
SSDEEP
3072:+wYAHqXZJHR8jqWHnKCsCUISQEWM+wZqwO0:+wtKXZlylt
Score 1/10
-
-
Target
Virussign.2024.06.08/virussign.com_012d6250b2f03cc71381041c4eeeb50a.vir
-
Size
40KB
-
MD5
012d6250b2f03cc71381041c4eeeb50a
-
SHA1
7fb3e7e476fdcb4348f5f81cd204e3a5cbe1f9a9
-
SHA256
76b3e9b52bed711b27a1bd17d58ad31dd268b843a4b845cbc5a1ca88270910a1
-
SHA512
35939882b204e6f9d80e794506c975c0ddbf104ba66f5cb0d43bd35dda7cefd2b681b1a7c219d42b9fa8f0f53aa253b1027017b40cf91534078fe130278daa93
-
SSDEEP
768:Um0CAbLg++PJHJzIWD+dVdCYgck5sIZFZhfX58fX5avnSPkc:t1++PJHJXA/OsIZBX5WX5b
Score 1/10
-
-
Target
Virussign.2024.06.08/virussign.com_0253492c47e1aae5c1906a4b099e13b9.vir
-
Size
103KB
-
MD5
0253492c47e1aae5c1906a4b099e13b9
-
SHA1
ff47af05a11b5b8a7da7c9ddee31cd09c02dc554
-
SHA256
1af9f6233863af004d0e7489a59eeb9a4f07611d45365e5761053835bbaa847e
-
SHA512
68791f2461f874b1d692036a15cc202e8e7402dbf9c63434dd79c422113d0da226798b3abab78a18aca3f904a4cb9f5033c1b1365fbea43153a3abcfff8aff2f
-
SSDEEP
1536:YA/OsIZfzc3/Q85JiRJij7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q85JiRJiDCQCa:XQSoUnyiQSok
Score 1/10
-
-
Target
Virussign.2024.06.08/virussign.com_025c0616d26ebf93aa583d575245bf35.vir
-
Size
94KB
-
MD5
025c0616d26ebf93aa583d575245bf35
-
SHA1
a40e17ceb956440d8e2cfffbd5521c8c6a73ee9d
-
SHA256
139c0de1f2cc0f0adb2ac795cdda3aca3c2cebc9709f33bfc4723b6d7d44ae14
-
SHA512
58f195d6ccb7fa6d296e658d6b0b88aeade5fd3d24b33983a033eeef1db2d346c5fb618f17e54ec85e0a99b2d1849e1134cfab1e458995f06049c9501166368f
-
SSDEEP
1536:YA/OsIZfzc3/Q8Q8/8bo2pM7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8Q8/8boZ:XQSoskbo2pMnyiQSoskboZ
Score 1/10
-
-
Target
Virussign.2024.06.08/virussign.com_02c31485fa69ef9d1a370034d043587d.vir
-
Size
1.2MB
-
MD5
02c31485fa69ef9d1a370034d043587d
-
SHA1
685239570d722c61a1f895e3a15184a427b88819
-
SHA256
762a8c34b753fa31c6f51059b45078453b5b7a20bb99422ff74851cf2fa92088
-
SHA512
b872655e70e6b7e43401f46d1e3dcc44352efc12f3aaf5be81f0c24e2c9e69626a472fe37063d1ba2b2da796d564b4d1034320c41e77e76b6ded57a3c3551aec
-
SSDEEP
24576:vBF672l6i2Ncb2ygupgrnACAmZ/NwFC31G3AcMxA7DX+qtrRgxNrgPoUgjQJi:r56uL3pgrCEdM/QxtgPov
Score 1/10
-
-
Target
Virussign.2024.06.08/virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.vir
-
Size
1.7MB
-
MD5
03bf9f5a5e7769cd9cddf935454e30f1
-
SHA1
9848f6ac4205b5f38372fd41adc810b53e114302
-
SHA256
71a9a636f468ed3b08721df281d8bf5372b8db8879464f3718316a40cba5da56
-
SHA512
f07bba9a610ee96ce13ab585f5c70831d2af5cecdb93f64e91a40c7aa90d7cbec95ad1d4089ae2781f5479eb7750ee39b84a4d5b80e36320f29d12977094716e
-
SSDEEP
24576:/o5dOf9g8OlZflTja0TZaqdiXSp0c02uFG6dAk3CMq0:/qdOhODf5a0TZaqdwk0c05HGi1
Score 7/10
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
-
-
Target
Virussign.2024.06.08/virussign.com_03d6ebf12ae52644ac8fbc893526aaad.vir
-
Size
39KB
-
MD5
03d6ebf12ae52644ac8fbc893526aaad
-
SHA1
94e5931b3e6f08540ea1444d4ca32c04dfc3d718
-
SHA256
129c51be985345ab11d83350eaae7f3001ea0562db91fd02fd2d9cbcbf864e4c
-
SHA512
a550c48654537eb983355198e9ea9eb0644829beafa55c06c0b448ac66ae60bfe3a346f0957080c350920d1b31761de829c4a9a10a0ae78ac8c9610c81efa40d
-
SSDEEP
384:8Cr3uc+P9FYVLMME5fbZI2gtTvHEwPhtvNudiBuD2159aqhA:l+PYVLxE5fbj2zthlNxBuDvq
Score 1/10
-
-
Target
Virussign.2024.06.08/virussign.com_0437640434489c178ddce32f6bc8bd9c.vir
-
Size
58KB
-
MD5
0437640434489c178ddce32f6bc8bd9c
-
SHA1
37f726985385a715f21e34ee7e27c14112d8dda9
-
SHA256
fe083f6ffd8ae61efba45099b0e55a356c24cfca83738b13ea73ecd76622e995
-
SHA512
58dafac6161446f6b644a247f5a344ff657211d60667627a2c21f78bc4942d14543b97220456ea7b6fe8e47624d046c2b8e8168a19bcd77408fb171e0b718817
-
SSDEEP
768:KDfbpEmkB9PyuUbUTUDa4yATSby7ozW4rkrIvTTmdGT55DIHMd6vdQG3gCb/VQPC:KDDpVGqaZkrQT2MEqGwmK
Score 1/10
-
-
Target
Virussign.2024.06.08/virussign.com_044454717ce16bdfddd7dfedfc4fa455.vir
-
Size
5.2MB
-
MD5
044454717ce16bdfddd7dfedfc4fa455
-
SHA1
2beb7f9914dfa214bbd2d6e69af0c154c13994a6
-
SHA256
55c3507d0db1a9dde5ee48796d7e0bdc7f3681f62aa8efff98e97b7ff9c1afdd
-
SHA512
8d55da3d0d1f85f674bdd9eeb4c05af4a45cfa25b83d513582bd7eb7cde0125109cde73e5b96c486d9ab09c845c45da07ef1b2158fd8dd1409da8e6d62174f5a
-
SSDEEP
49152:exxCp6fPKUYwWBNRaujWa6K2wxIO5B3CJr/FkjpdCnD5il0xbNbDevV05JDVEGmM:StfymWlMM3CtIIn40xbNbDIGJxUQ7
Score 8/10
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
-
-
Target
Virussign.2024.06.08/virussign.com_0622fa4ddac7802def045e83a4ccb8c5.vir
-
Size
2.7MB
-
MD5
0622fa4ddac7802def045e83a4ccb8c5
-
SHA1
2ad1bdf90f3c0cb18e58ce4f3d2097cb4bfb7087
-
SHA256
59c2e46de1906223af4c6800304d9c325c6b23dfc75c15ac436b16cabc807bd9
-
SHA512
233bde8b2fd64ffa9e529a90e772f651313c93ed24c78f25870a5d8a215093e12adf03c183dbf938c492faa8274b5c2b6c35676a0cb66b171080ed8af8364706
-
SSDEEP
49152:KqZQ0QKjXrK7DbGmzOL0hs3/9VwAH8C4gVRSO8qNmK7+r06tbdjM2sYS02VzrO:KqZQCG7nHq0sV5H8C4gVRSNqN17+r/tj
Score 3/10
-
-
Target
$PLUGINSDIR/NSIS_Picasa_Unicode.dll
-
Size
116KB
-
MD5
aa1a7ecd9cefb7639592648991adf8ff
-
SHA1
6f2bfc5008dc754db849af068fb9008ede3abe3d
-
SHA256
0b87401371a5547e79fdc3bdb75f65afc275b6eda057276267d80caa81c5081a
-
SHA512
c070abffeda7ad1add4623f07e5176712f1ef51827af532765dfe93144fd517c19542a0d3dc7c980d47a4011dd295509eb6f7d009f04f7c9616f2df2ee6ae3e8
-
SSDEEP
1536:ItIObacRovDoa5RigM/srzPBSJY4Mz5I360wLxL8gP9xtBeIw9Pntb8P6oHj:ItVxSR5o9Kzn0mAkxtMIw9vtbI6C
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
301a9c8739ed3ed955a1bdc472d26f32
-
SHA1
a830ab9ae6e8d046b7ab2611bea7a0a681f29a43
-
SHA256
6ec9fde89f067b1807325b05089c3ae4822ce7640d78e6f32dbe52f582de1d92
-
SHA512
41d88489ecb5ec64191493a1ed2ed7095678955d9fa72cccea2ae76dd794e62e7b5bd3aa2c313fb4bdf41c2f89f29e4cafe43d564ecad80fce1bf0a240b1e094
-
SSDEEP
192:hCPej3uzvJwqJMQKN4GbeWZksMI4ETWcEbcBZ8ep2Kra7yAG:hCQ2HgN4GbeWmbI4Eybogia7yA
Score 3/10
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
b0165587c54350b6c9910e765f16ad9e
-
SHA1
fd81de9f3b1dd8d6cfa8621fddf9f93c29b4710f
-
SHA256
26006c739057373f948b11892f40b0cc686c6c97c448f79447856421f9a15563
-
SHA512
2f69354fd433eec277a804124f5c476fd645270b89af3db22ed45b599cdf251cfccdc3c642b8893078748a0a674676ea28c5fe5b471a633de7301c6a6646295b
-
SSDEEP
192:bzQhZDqlJcKISw99ioU3MSfwLF/+nhHUOFsdz:bzoZDGKYw9goWyFGBUVz
Score 3/10
-
-
Target
$SYSDIR/GPhotos.scr
-
Size
4.4MB
-
MD5
d27fa7516848de6820d9bb95be7a4e36
-
SHA1
f87eba07d880a1fb3e87391655153790542e2d4b
-
SHA256
7966d8f3db6b6fa46ab53e3ee9ae0d11bcbf18049a1df06f1289b31ee6db4299
-
SHA512
603c570d26a0ac000f72dfc905483af623048a2aeea0396827c77dd627416466e88446f3cee59bae259317fcb8eb4072ca208a720bcd732db7cf7968b8f244a4
-
SSDEEP
98304:saW9lnNyMKJ2BWMXt/34smaZmaRME9iv:swM9PJmaZma
Score 1/10
-
-
Target
$TEMP/PicasaInstaller/spmsg.dll
-
Size
14KB
-
MD5
066f7fcca265d01a5b7eaf41ade789b1
-
SHA1
dcfd5d499c71f83d4a3b7026728ad79eeab13f89
-
SHA256
93bb82eb2786708add9f1538283658ee949aa79e658196f0386ad88fb61320b1
-
SHA512
7fa09d093df7bb95f52badc463123cef848dbc26e8da2a3e014289a41ecf273b546182210e70f42c408f84d673f8811c74e142f9c60978a20f89f6b1d6d9acaf
-
SSDEEP
192:4W0boplW7QdvzVL/CldolMGoVOu39DKmHj78iCYsB:4W087W7QdvzVLCcM4aeWHCbB
Score 1/10