Behavioral task behavioral1
  Sample: 17af05823ed53b5e794c3a5696326454d8f91ad6af4f33e2ffa4b780bfd17d98N.exe
  Resource: win7-20240903-en
Behavioral task behavioral2
  Sample: 17af05823ed53b5e794c3a5696326454d8f91ad6af4f33e2ffa4b780bfd17d98N.exe
  Resource: win10v2004-20241007-en
General
  Target: 17af05823ed53b5e794c3a5696326454d8f91ad6af4f33e2ffa4b780bfd17d98N.exe
  Size: 424KB
  MD5: 6b49301b237b1af3e9053f483873ac90
  SHA1: a1864e97fe1daa58f604bce175b9485ba7dec0a7
  SHA256: 17af05823ed53b5e794c3a5696326454d8f91ad6af4f33e2ffa4b780bfd17d98
  SHA512: f3c9228e656222b7ee94db6524b2152260fc27d7c165d4d3e972a9c3aa72a9c5d420c50f63fea1933cb45bcd158e8d3c11b008823b5cb191c4b0426df3ab22db
  SSDEEP: 12288:9K3hNW7anjJCH7sG/PKYkpNzAyC3DBnW063EKwOEC:9KxDjJOR/PKJNz6DBn+3aO
Malware Config
  Extracted
    Family: gozi
Signatures
  Gozi family
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: 17af05823ed53b5e794c3a5696326454d8f91ad6af4f33e2ffa4b780bfd17d98N.exe
Files
  17af05823ed53b5e794c3a5696326454d8f91ad6af4f33e2ffa4b780bfd17d98N.exe (.exe windows:5 windows x86 arch:x86)
  Imphash: 50a03aab3f688501f35c5c64137234fd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlNtStatusToDosError
memset
NtUnmapViewOfSection
NtMapViewOfSection
memcpy
ZwClose
NtCreateSection
mbstowcs
ZwOpenProcessToken
ZwOpenProcess
ZwQueryInformationToken
NtQuerySystemInformation
RtlFreeUnicodeString
ZwQueryInformationProcess
RtlUnwind
RtlUpcaseUnicodeString
NtQueryVirtualMemory
shlwapi
StrRChrA
PathFindExtensionW
PathFindFileNameW
StrChrA
PathCombineW
StrStrIA
StrTrimW
StrChrW
PathFindFileNameA
PathFindExtensionA
setupapi
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
kernel32
SetEvent
GetTickCount
Sleep
HeapFree
GetExitCodeProcess
CreateProcessA
lstrlenW
GetLastError
GetProcAddress
ResetEvent
LoadLibraryA
lstrcmpiW
lstrcatW
DeleteFileW
CreateWaitableTimerA
SetFileAttributesW
SetWaitableTimer
HeapAlloc
GetModuleHandleA
HeapCreate
HeapDestroy
GetCommandLineW
ExitProcess
CloseHandle
ReadFile
WaitForSingleObject
CreateFileA
CreateEventA
LocalFree
CreateThread
GetCurrentThreadId
IsWow64Process
GetVersionExW
TerminateThread
InitializeCriticalSection
GetCurrentProcess
lstrcmpA
GetTempPathA
GetTempFileNameA
EnterCriticalSection
CreateDirectoryA
LeaveCriticalSection
GetFileSize
lstrcpynA
GetModuleFileNameA
VirtualAlloc
OpenProcess
VirtualProtectEx
SuspendThread
ResumeThread
GetLongPathNameW
GetVersion
GetCurrentProcessId
lstrlenA
ExpandEnvironmentStringsA
lstrcatA
lstrcpyA
ExpandEnvironmentStringsW
lstrcmpiA
SetEndOfFile
CompareFileTime
CreateDirectoryW
WriteFile
CreateFileW
FlushFileBuffers
FindFirstFileA
FindClose
FindNextFileA
GetFileTime
lstrcpyW
SetFilePointer
VirtualFree
GetModuleFileNameW
SetLastError
FreeLibrary
user32
wsprintfW
DispatchMessageW
DefWindowProcW
EndMenu
SendMessageW
GetClassWord
SetWindowsHookExW
CreateWindowExW
AppendMenuA
CreatePopupMenu
SetClassLongW
TrackPopupMenuEx
SetWinEventHook
RegisterClassExW
TranslateMessage
CallNextHookEx
PostMessageW
GetMessageW
DestroyWindow
wsprintfA
GetCursorInfo
advapi32
OpenProcessToken
RegDeleteValueW
RegEnumKeyExA
RegOpenKeyW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegSetValueExW
RegOpenKeyA
RegCreateKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegOpenKeyExA
RegQueryValueExW
RegSetValueExA
RegQueryValueExA
shell32
ord92
ShellExecuteW
ShellExecuteExW
ole32
CoUninitialize
CoInitializeEx
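The static findings above (the "Unsigned PE" signature and the ntdll/kernel32 import set) can be reproduced offline. The following Python script is an added example, not part of the sandbox report and not code from the Gozi sample: it builds an import hash from an import list with the same recipe pefile uses (lowercased "dll.func" pairs in import-table order, DLL extension stripped, ordinal-only imports as "ordN", then MD5; pefile's ordinal-to-name table for ws2_32/oleaut32 is omitted here), flags the section-mapping injection API combination that appears in the import table above, and checks a PE header for an empty Authenticode (security) data directory. `REPORT_IMPORTS` is a hand-copied subset of the import table on this page, and `fake_pe32_header` constructs a minimal header-only PE32 stub for the check; neither is the sample itself.

```python
import hashlib
import struct

# ---- imphash (pefile recipe, without the ws2_32/oleaut32 ordinal-name table) ----

def imphash_string(imports):
    """Build the comma-joined 'dll.func' string that is hashed for the imphash.

    imports: iterable of (dll_name, func) where func is a str or an int ordinal.
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            lib = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of imphash_string(); order of the import table matters."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# ---- section-mapping injection hint (static, import-table only) ----

# Co-occurrence of these APIs is the classic pattern: create a section, map it
# into another process, fix page protections, then suspend/resume a thread to
# redirect it. Presence in the import table is a hint, not proof of behaviour.
SECTION_MAP_INJECT = {
    "ntdll": {"NtCreateSection", "NtMapViewOfSection", "NtUnmapViewOfSection"},
    "kernel32": {"OpenProcess", "VirtualProtectEx", "SuspendThread", "ResumeThread"},
}


def injection_primitives(imports):
    """Return {dll: {func,...}} for the SECTION_MAP_INJECT APIs found in imports."""
    found = {}
    for dll, func in imports:
        lib = dll.lower().rsplit(".", 1)[0]
        if lib in SECTION_MAP_INJECT and func in SECTION_MAP_INJECT[lib]:
            found.setdefault(lib, set()).add(func)
    return found


def looks_like_section_map_injection(imports):
    """True only when every API in every DLL group of SECTION_MAP_INJECT is imported."""
    found = injection_primitives(imports)
    return all(found.get(lib) == funcs for lib, funcs in SECTION_MAP_INJECT.items())


# ---- Authenticode presence: is the security data directory non-empty? ----

IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def has_authenticode(data: bytes) -> bool:
    """True if the PE's security directory has a non-zero size (a signature blob exists).

    This does NOT verify the signature; an unsigned file is one where the directory is empty.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad PE signature")
    opt = e_lfanew + 4 + 20                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)  # data directories: PE32 at +96, PE32+ at +112
    _rva, size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return size != 0


def fake_pe32_header(signed: bool) -> bytes:
    """Constructed minimal PE32 header (no sections) for exercising has_authenticode()."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew -> right after the DOS header
    # machine=i386, 0 sections, timestamp, symtab ptr, nsyms, optional header size,
    # characteristics RELOCS_STRIPPED|EXECUTABLE_IMAGE|32BIT_MACHINE (0x0103), as in the report
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0103)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    if signed:
        # non-empty security directory (offset/size into the file; values are placeholders)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x200)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Hand-copied subset of the import table in the report above (constructed test input).
REPORT_IMPORTS = [
    ("ntdll", "RtlNtStatusToDosError"), ("ntdll", "NtUnmapViewOfSection"),
    ("ntdll", "NtMapViewOfSection"), ("ntdll", "NtCreateSection"),
    ("kernel32", "OpenProcess"), ("kernel32", "VirtualProtectEx"),
    ("kernel32", "SuspendThread"), ("kernel32", "ResumeThread"),
    ("shell32", 92),
]

if __name__ == "__main__":
    print("imphash of subset:", imphash(REPORT_IMPORTS))
    print("section-map injection APIs present:", injection_primitives(REPORT_IMPORTS))
    print("unsigned stub has Authenticode:", has_authenticode(fake_pe32_header(False)))
```

Two caveats a practitioner should keep in mind: the imphash of `REPORT_IMPORTS` will not match the report's value because it is a subset and the full import order is needed; and an empty security directory means unsigned, but a non-empty one only means a signature blob is attached and still needs chain verification (WinVerifyTrust or an equivalent) before it counts as trusted.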
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 367KB - Virtual size: 368KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ