gozi | 63e3b6850d448035b6c9a1d73f9682aced2a855f92bd6d22c83ba9d7ec1544c0

General

Target

63e3b6850d448035b6c9a1d73f9682aced2a855f92bd6d22c83ba9d7ec1544c0
Size

455KB
MD5

6eba6597481588ed427806dc26dfa31f
SHA1

ba201fad3997d76911024cf38c5059002d73a6e4
SHA256

63e3b6850d448035b6c9a1d73f9682aced2a855f92bd6d22c83ba9d7ec1544c0
SHA512

46f04f159d8585c504f940b797b49cc51237d807ee20a6a8da77c086439b239e932a9f6f8ddcc2c9314c055e1c254e50fe6d0a50eb342c1aebca363acf2edf41
SSDEEP

12288:66VMSZQpt/vFz30+9WkFGbPhOrK7CptGIeb0I:nVMSZQLF4+ANbP4rK7CpxebL

Score

10^/10

isfb gozi

Family

gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a3ce5f871cc8d68100f16fe1ce133b899e220984a853e74f333ed07bd94eb4fc

63e3b6850d448035b6c9a1d73f9682aced2a855f92bd6d22c83ba9d7ec1544c0
.zip

Password: infected
a3ce5f871cc8d68100f16fe1ce133b899e220984a853e74f333ed07bd94eb4fc
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ