gozi | 9287378a4d2d2d9d69a85f32a7d7e12277a09e3cd89da5b1c11c64f5e4aca079

Sharing

Copy URL

Twitter E-mail

General

Target

9287378a4d2d2d9d69a85f32a7d7e12277a09e3cd89da5b1c11c64f5e4aca079
Size

3.1MB
MD5

e6b5587d3f2ab26a8f359108612704c1
SHA1

9e2f7654d79e3205f901d8693b6cb8d98e20740d
SHA256

9287378a4d2d2d9d69a85f32a7d7e12277a09e3cd89da5b1c11c64f5e4aca079
SHA512

c9470409c78eb4aeb76ef1ec7d0e29432d26df6d3a0f03731a50416f392c16aa26a726bdc4b418e0abab0b8640ce55a68485d1bed42a7b5539f2885ff992da24
SSDEEP

49152:NbjxRaWbjuRL2BnKsayCp8TuDCoAilUjWKGUoWdjmWz7kwC9bf+nt9mxYXo8ZBlc:JxgUjucBnGx4muiFKGwHvgbWTDo8f

Score

10^/10

isfb gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9287378a4d2d2d9d69a85f32a7d7e12277a09e3cd89da5b1c11c64f5e4aca079

Files

9287378a4d2d2d9d69a85f32a7d7e12277a09e3cd89da5b1c11c64f5e4aca079
.exe windows:10 windows x86 arch:x86

e1c85903e18d6222b569201b192e1e98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

MpWUStub.pdb

Imports

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
EventWriteTransfer
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
LookupPrivilegeValueW
RegCloseKey
EventUnregister
EventRegister
OpenThreadToken
OpenProcessToken
GetLengthSid
CheckTokenMembership
FreeSid
CopySid
AllocateAndInitializeSid
AdjustTokenPrivileges

kernel32

CloseHandle
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThread
GetCurrentThreadId
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
FreeLibrary
GetProcAddress
LoadLibraryExW
CompareStringW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
MultiByteToWideChar
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetProcessHeap
WideCharToMultiByte
HeapSize
HeapReAlloc
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
EncodePointer
InitializeCriticalSectionEx
RaiseException
CallNamedPipeW
InitializeProcThreadAttributeList
CreateToolhelp32Snapshot
UpdateProcThreadAttribute
Process32NextW
Process32FirstW
DeleteProcThreadAttributeList
WaitNamedPipeW
VirtualQuery
FlushFileBuffers
GetProcessId
GetProcessTimes
GetCommandLineW
GetThreadTimes
GetModuleFileNameW
GetEnvironmentVariableW
GetSystemDirectoryW
HeapSetInformation
CreateProcessW
GetExitCodeProcess
FindNextFileW
WriteFile
SetEnvironmentVariableW
FindClose
WaitForSingleObject
CreateFileW
GetFileAttributesW
OpenProcess
CreateEventW
SetEvent
WaitForSingleObjectEx
ResetEvent
SetFilePointerEx
QueryFullProcessImageNameW
VirtualLock
GetStdHandle
GetCommandLineA
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
DecodePointer

rpcrt4

UuidCreate

ntdll

RtlNtStatusToDosError
RtlGetVersion
RtlUnwind

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

e1c85903e18d6222b569201b192e1e98

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

rpcrt4

ntdll

Sections

.text Size: 182KB - Virtual size: 182KB

.data Size: 3KB - Virtual size: 6KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 182KB - Virtual size: 182KB

.data
Size: 3KB - Virtual size: 6KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 7KB - Virtual size: 6KB