gozi | LoadPEdll[.]dll | Triage

Sharing

General

Target

LoadPEdll.dll
Size

66KB
MD5

d866f6a584ca2a8a02168b4f5230ef6d
SHA1

a5f148435689395bf37fe168b1026ba45da12332
SHA256

027d0c6926829a840b414cd9aa64e9a2a28396784704c50895162df5de376442
SHA512

613ef26520ef8aaf7b0d8c2de3a4b78d3592f8ee7de5ed74c2b76eebd53b24756e7b3fa6124c991541a286abff4efbb5539a0f97d823d000a39f69ebcb933690
SSDEEP

1536:ApPtsWcKyFML+2YIf5YdDn/qGU1jDi3p:IcKYM5n5eqGU13y

Score

10^/10

ldr4 gozi

Malware Config

Extracted

Family

gozi

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LoadPEdll.dll

Files

LoadPEdll.dll
.dll regsvr32 windows:6 windows x64 arch:x64

2d10f213308ed229b8247cfc0f9da99c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
VirtualProtect
IsBadReadPtr
LoadLibraryA
GetProcAddress
FreeLibrary
GetNativeSystemInfo
HeapAlloc
GetProcessHeap
HeapFree

Exports

Exports

DllRegisterServer

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ