PluginMain
Behavioral task
behavioral1
Sample
2d840191932d6f9eaef493501afd4370db49598df3b75c2140098c0c76b9946e.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2d840191932d6f9eaef493501afd4370db49598df3b75c2140098c0c76b9946e.dll
Resource
win10v2004-20240802-en
General
Target
2d840191932d6f9eaef493501afd4370db49598df3b75c2140098c0c76b9946e
Size
14.1MB
MD5
bf765f5ebdb4a89f4b76b9f4649c9146
SHA1
4d54a71675603b3b0d2b605ad9c5a0549be7b3de
SHA256
2d840191932d6f9eaef493501afd4370db49598df3b75c2140098c0c76b9946e
SHA512
b1e06265678a12774488b23f26e3a4d67559de7db5551d7d6e3d11757dd45abd4544313ae3cb74ddd4aa86890604f6afac19c067db05a51352cac0dc04ea2e5a
SSDEEP
196608:hulmGoyN8JoUFGn2hxHHgvP1FvP19A3txhWKLVgw3mTWCwo8R+:Yo48FU2w0lVJmTWCwH+
Malware Config
Extracted
gozi
Signatures
Gozi family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2d840191932d6f9eaef493501afd4370db49598df3b75c2140098c0c76b9946e
Files
2d840191932d6f9eaef493501afd4370db49598df3b75c2140098c0c76b9946e.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Exports
Sections
Size: 713KB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 171KB - Virtual size: 530KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 16KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 42KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 552B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4.9MB - Virtual size: 4.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 3KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.edata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.winlice Size: 8.2MB - Virtual size: 8.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ