Behavioral task: behavioral1
Sample: e4a80728e6f8efdefc6f75560196ceda43d8835b1038feccd6b132cbc6ff6b5b.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e4a80728e6f8efdefc6f75560196ceda43d8835b1038feccd6b132cbc6ff6b5b.exe
Resource: win10v2004-20240508-en
General
Target: e4a80728e6f8efdefc6f75560196ceda43d8835b1038feccd6b132cbc6ff6b5b
Size: 9.3MB
MD5: a8b40d4763f08d51bfed24d0bf258d0a
SHA1: 2d949f75673e7489ccdabb266134a951dbf5586f
SHA256: e4a80728e6f8efdefc6f75560196ceda43d8835b1038feccd6b132cbc6ff6b5b
SHA512: 7ad834243e35af6ecdafe253bffc7b80d2020737e92ad0a82fbb881fde4506c7e6759e05e114ece6c91eda6f3877d4b6ede4a11d73ec4b20b383648b5f42f5c9
SSDEEP: 196608:nPRWJbVQPXVB6F9xnRE3PHBDmsqfMcTKyb0qJQmhp:og/VB3VEdsC7
Malware Config
Extracted
gozi
Signatures
Gozi family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes: resource e4a80728e6f8efdefc6f75560196ceda43d8835b1038feccd6b132cbc6ff6b5b
Files
-
e4a80728e6f8efdefc6f75560196ceda43d8835b1038feccd6b132cbc6ff6b5b.exe windows:6 windows x86 arch:x86
5cd763379c1e045f0c581cde065c37b2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
avifil32
AVIFileRelease
AVIMakeCompressedStream
AVIStreamSetFormat
AVIFileOpenA
AVIFileCreateStreamA
AVIFileInit
AVIFileExit
AVIStreamRelease
AVIStreamWrite
msvfw32
DrawDibDraw
DrawDibOpen
DrawDibClose
winmm
waveOutWrite
waveOutGetNumDevs
PlaySoundA
waveInClose
waveInStop
waveInAddBuffer
waveInStart
waveOutPrepareHeader
waveInPrepareHeader
waveOutOpen
waveInOpen
waveOutReset
waveOutClose
waveOutUnprepareHeader
waveInUnprepareHeader
waveInReset
waveInGetNumDevs
kernel32
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindFirstFileExA
SetFilePointerEx
GetStringTypeW
GetConsoleMode
GetConsoleCP
LCMapStringW
CompareStringW
UnhandledExceptionFilter
GetDateFormatW
GetTimeZoneInformation
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
VirtualQuery
RtlUnwind
ExitProcess
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
lstrcpynW
GetUserDefaultLangID
GetPrivateProfileSectionNamesA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
FreeResource
OutputDebugStringW
TerminateProcess
CreateEventW
WaitForSingleObjectEx
ResetEvent
GetTimeFormatW
WaitForSingleObject
ResumeThread
SetEvent
TerminateThread
CloseHandle
CreateThread
CreateEventA
SizeofResource
HeapFree
InitializeCriticalSectionEx
HeapSize
Sleep
GetLastError
LockResource
HeapReAlloc
RaiseException
LoadResource
FindResourceW
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
ReadFile
GetModuleFileNameA
WriteFile
lstrcatA
CreateFileA
lstrcpyA
GetFileSize
Process32First
VirtualProtect
VirtualFree
VirtualAlloc
CreateToolhelp32Snapshot
LoadLibraryA
DeleteFileA
Process32Next
GetSystemInfo
GetProcAddress
SetUnhandledExceptionFilter
MoveFileA
FindFirstFileA
OutputDebugStringA
FindNextFileA
SetFilePointer
lstrlenA
FindClose
LocalAlloc
MultiByteToWideChar
GetFileAttributesA
FileTimeToSystemTime
LocalFree
lstrcpynA
SystemTimeToTzSpecificLocalTime
CreateDirectoryA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
CancelIo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
FreeLibrary
CreateProcessA
GlobalFree
GetLocalTime
GlobalSize
LocalSize
LocalReAlloc
lstrcmpA
EncodePointer
SetLastError
GetCurrentThreadId
GetSystemDirectoryW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
LoadLibraryExW
LoadLibraryW
GlobalDeleteAtom
lstrcmpW
FindResourceA
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
MulDiv
FormatMessageA
CopyFileA
GetVersionExA
GetCurrentProcessId
GetCurrentThread
SetThreadPriority
GetDiskFreeSpaceA
GetFileTime
GetFullPathNameA
SetFileTime
GetTempFileNameA
ReplaceFileA
SystemTimeToFileTime
FlushFileBuffers
LockFile
SetEndOfFile
UnlockFile
GetVolumeInformationA
DuplicateHandle
GetCurrentProcess
LoadLibraryExA
GetShortPathNameA
lstrcmpiA
GetThreadLocale
GetStringTypeExA
InitializeCriticalSectionAndSpinCount
GlobalFlags
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetOEMCP
GetCPInfo
GetACP
GetCurrentDirectoryA
FileTimeToLocalFileTime
GetFileAttributesExA
GetFileSizeEx
LocalFileTimeToFileTime
SetFileAttributesA
SetErrorMode
FindResourceExW
GetWindowsDirectoryA
VerSetConditionMask
VerifyVersionInfoA
GetTempPathA
GetProfileIntA
SearchPathA
user32
SetMenuItemBitmaps
RemoveMenu
GetMenuStringA
SetRectEmpty
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
CheckDlgButton
SetDlgItemTextA
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
GetScrollRange
SetScrollRange
ScrollWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
GetMenuItemID
SetMenu
GetMenu
GetCapture
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
GetMenuCheckMarkDimensions
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
SetScrollPos
SetFocus
InsertMenuA
CreateMenu
SetParent
IntersectRect
GetMenuState
GetKeyState
ShowScrollBar
TrackMouseEvent
LoadImageW
LoadAcceleratorsW
CopyAcceleratorTableA
InvalidateRgn
IsRectEmpty
GetNextDlgGroupItem
UnionRect
CheckMenuRadioItem
GetDC
DestroyCursor
DrawTextA
SetWindowLongA
GetWindowLongA
GetClipboardData
ClipCursor
GetScrollBarInfo
SetClassLongA
SystemParametersInfoA
DrawIconEx
SetMenuItemInfoA
GetMenuDefaultItem
DrawFocusRect
GetIconInfo
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
DestroyMenu
InsertMenuItemA
UnpackDDElParam
ReuseDDElParam
GetKeyNameTextA
MapVirtualKeyA
GetMenuItemInfoA
IsZoomed
CharUpperA
RealChildWindowFromPoint
CopyImage
LoadBitmapW
EnableScrollBar
GetSysColorBrush
DrawTextExA
GrayStringA
TabbedTextOutA
GetWindowDC
GetWindowThreadProcessId
PostQuitMessage
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
IsChild
BringWindowToTop
SetWindowLongW
GetWindowLongW
IsWindowUnicode
GetClipboardFormatNameA
ShowCaret
LookupIconIdFromDirectoryEx
LoadBitmapA
GetMenuStringW
GetCursor
CreateIconIndirect
CreateIconFromResourceEx
FindWindowA
DrawAnimatedRects
VkKeyScanExA
GetKeyboardLayoutList
GetUserObjectInformationA
CloseDesktop
OpenInputDesktop
HideCaret
TranslateMessage
DispatchMessageA
GetMessageA
EnableWindow
InvalidateRect
UnregisterClassA
LoadIconA
SendMessageA
RegisterWindowMessageA
MessageBoxA
wsprintfA
GetCursorPos
PtInRect
GetSubMenu
PostMessageA
GetWindowRect
LoadMenuW
ReleaseCapture
UpdateWindow
GetParent
EnableMenuItem
GetClientRect
CheckMenuItem
SetCursor
SetCapture
LoadCursorW
ClientToScreen
GetDlgCtrlID
WindowFromPoint
ScreenToClient
DeleteMenu
GetMenuItemCount
SetWindowPos
IsWindowVisible
SendMessageTimeoutA
LoadCursorA
GetWindow
CharNextA
SetRect
DrawIcon
OffsetRect
MessageBeep
GetSystemMetrics
InflateRect
GetSysColor
FillRect
GetSystemMenu
SetClipboardData
EmptyClipboard
CloseClipboard
DestroyIcon
OpenClipboard
LoadImageA
GetDesktopWindow
KillTimer
LoadIconW
SetTimer
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
GetFocus
AppendMenuA
RedrawWindow
CreatePopupMenu
ReleaseDC
GetAsyncKeyState
DrawStateA
SetWindowRgn
DrawEdge
DrawFrameControl
SetCursorPos
CopyIcon
FrameRect
GetTabbedTextExtentA
GetWindowRgn
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
EnumChildWindows
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
DestroyAcceleratorTable
CreateAcceleratorTableA
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
WaitMessage
PostThreadMessageA
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
LockWindowUpdate
GetDCEx
RegisterClipboardFormatA
GetDialogBaseUnits
gdi32
CloseFigure
FillPath
ExtTextOutW
CreateBrushIndirect
BeginPath
EndPath
StrokePath
ExtCreateRegion
StrokeAndFillPath
SetBrushOrgEx
GetBitmapBits
GetTextFaceA
GetTextExtentPoint32W
GetTextAlign
GetBkMode
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
GetCurrentObject
OffsetRgn
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
SetDIBColorTable
SetPixel
GetDIBits
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExA
GetRgnBox
GetTextColor
DPtoLP
SetRectRgn
GetMapMode
CombineRgn
GetBkColor
GetTextMetricsA
GetCharWidthA
CreateFontA
GetTextExtentPoint32A
PatBlt
CreateRectRgnIndirect
CreateFontIndirectA
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolyBezierTo
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateBitmap
GetDeviceCaps
CreateDCA
CopyMetaFileA
TextOutA
SetBkMode
GetObjectA
ExtTextOutA
SelectObject
CreateDIBSection
StretchBlt
StretchDIBits
DeleteDC
SetTextColor
SetBkColor
SetStretchBltMode
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
CreateSolidBrush
msimg32
TransparentBlt
AlphaBlend
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExW
IsTextUnicode
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegSetValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
shell32
Shell_NotifyIconA
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation
ExtractIconA
SHAddToRecentDocs
DragFinish
DragQueryFileA
ShellExecuteA
SHAppBarMessage
SHGetPathFromIDListA
ord71
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteExA
SHGetSpecialFolderPathA
comctl32
ImageList_DrawEx
ImageList_Draw
ImageList_Add
ImageList_GetIconSize
ImageList_Destroy
ImageList_Create
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetImageCount
_TrackMouseEvent
ImageList_GetImageInfo
shlwapi
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindFileNameA
PathFindExtensionA
PathIsDirectoryA
PathRemoveFileSpecA
SHAutoComplete
StrFormatKBSizeA
PathCombineA
uxtheme
GetCurrentThemeName
GetThemeColor
DrawThemeText
GetWindowTheme
GetThemeSysColor
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData
ole32
CoTaskMemAlloc
StringFromCLSID
CoUninitialize
CoInitialize
OleDuplicateData
ReleaseStgMedium
CoInitializeEx
CoCreateInstance
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
OleRun
CoFreeUnusedLibraries
OleInitialize
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoTaskMemFree
OleUninitialize
StgCreateDocfileOnILockBytes
oleaut32
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
SysAllocStringByteLen
VarBstrFromDate
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocString
VarDateFromStr
VariantCopy
SysStringLen
OleLoadPicturePath
VariantChangeTypeEx
VarUdateFromDate
GetErrorInfo
SysStringByteLen
LoadTypeLi
oledlg
ord1
ord8
urlmon
URLDownloadToFileA
ws2_32
getpeername
inet_ntoa
shutdown
getsockname
ntohs
accept
bind
WSAIoctl
WSASend
listen
WSACloseEvent
closesocket
WSAEventSelect
WSAWaitForMultipleEvents
WSASocketA
WSARecv
WSAEnumNetworkEvents
setsockopt
WSAGetLastError
WSACleanup
htons
gethostbyname
select
WSACreateEvent
connect
WSAStartup
socket
ioctlsocket
gdiplus
GdipFillRectangle
GdipSetCompositingQuality
GdipSetCompositingMode
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipSetPathGradientCenterColor
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterPointI
GdipGetPathGradientPointCount
GdipSetPathGradientBlend
GdipSetSmoothingMode
GdipFillRectangleI
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipDeleteStringFormat
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipDisposeImageAttributes
GdipCreatePath
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipSetLineBlend
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateFontFromDC
GdipFillPieI
GdipSetClipRectI
GdipCreateStringFormat
GdipDeletePath
GdipAddPathEllipseI
GdipCreateLineBrush
GdipCreateLineBrushI
GdipCreateImageAttributes
GdipCreatePathGradientFromPath
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
ImmAssociateContext
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
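The import table above runs to roughly 850 names, most of them user32/gdi32/ole32/uxtheme entries of an MFC-style GUI application, which makes the few security-relevant APIs easy to overlook: process enumeration (CreateToolhelp32Snapshot, Process32First/Next), memory protection changes (VirtualAlloc/VirtualProtect), runtime resolution (LoadLibraryA/GetProcAddress), a downloader (URLDownloadToFileA), process launch (CreateProcessA, ShellExecuteA), raw sockets including bind/listen/accept, registry writes, key and clipboard access, and audio/video capture. The following Python is an added example, not the sandbox's own signature logic: it tags an import table with capability clusters and reports which clusters occur together. The cluster table and the combination rules are this example's own heuristics, and REPORT_IMPORTS is a constructed subset of the table above (GUI imports trimmed). Static imports are only a lower bound: a binary that imports GetProcAddress can resolve any other API at runtime.

```python
# Capability clusters used by this example (analyst heuristics, not the sandbox's signature rules).
CAPABILITIES = {
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "memory protection changes": {"VirtualAlloc", "VirtualProtect", "VirtualFree"},
    "runtime API resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress"},
    "debugger checks": {"IsDebuggerPresent", "OutputDebugStringA", "OutputDebugStringW"},
    "downloader": {"URLDownloadToFileA", "URLDownloadToFileW"},
    "process launch": {"CreateProcessA", "CreateProcessW", "ShellExecuteA", "ShellExecuteExA"},
    "raw sockets": {"WSAStartup", "socket", "connect", "bind", "listen", "accept", "WSASocketA"},
    "registry write": {"RegSetValueA", "RegSetValueExA", "RegCreateKeyExA", "RegDeleteValueA"},
    "self-relocation": {"GetModuleFileNameA", "CopyFileA", "MoveFileA", "DeleteFileA", "ReplaceFileA"},
    "keyboard capture": {"GetAsyncKeyState", "GetKeyboardState", "SetWindowsHookExA"},
    "clipboard access": {"OpenClipboard", "GetClipboardData", "SetClipboardData"},
    "microphone capture": {"waveInOpen", "waveInStart", "waveInAddBuffer"},
    "screen/video capture": {"BitBlt", "CreateCompatibleDC", "AVIFileCreateStreamA", "AVIStreamWrite"},
}

# Clusters that matter more together than alone (example heuristics).
COMBINATIONS = {
    "injection / manual-mapping toolkit": {"process enumeration", "memory protection changes", "runtime API resolution"},
    "download-and-execute": {"downloader", "process launch"},
    "surveillance": {"keyboard capture", "clipboard access"},
}

GUI_DLLS = {"user32", "gdi32", "comctl32", "uxtheme", "gdiplus"}


def tag_capabilities(imports: dict) -> dict:
    """imports: {dll: [function names]}. Returns {capability: sorted matched APIs}; empty clusters are omitted."""
    names = {n for fns in imports.values() for n in fns}
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items() if names & apis}


def combined_findings(hits: dict) -> list:
    """Labels whose required clusters are all present in the tagging result."""
    return [label for label, needed in COMBINATIONS.items() if needed <= set(hits)]


def summarize(imports: dict) -> dict:
    hits = tag_capabilities(imports)
    total = sum(len(v) for v in imports.values())
    gui = sum(len(v) for d, v in imports.items() if d in GUI_DLLS)
    return {
        "capabilities": hits,
        "combinations": combined_findings(hits),
        "import_count": total,
        "gui_share": round(gui / total, 2) if total else 0.0,   # high share = framework noise, not evidence
        # GetProcAddress/LoadLibrary in the table means the static list is a lower bound on what gets called.
        "static_imports_are_lower_bound": "runtime API resolution" in hits,
    }


# Constructed subset of the import table in the report above (GUI/MFC imports trimmed).
REPORT_IMPORTS = {
    "avifil32": ["AVIFileCreateStreamA", "AVIStreamWrite", "AVIFileOpenA"],
    "winmm": ["waveInOpen", "waveInStart", "waveInAddBuffer", "waveOutOpen"],
    "kernel32": ["IsDebuggerPresent", "CreateToolhelp32Snapshot", "Process32First", "Process32Next",
                 "VirtualAlloc", "VirtualProtect", "VirtualFree", "LoadLibraryA", "GetProcAddress",
                 "CreateProcessA", "GetModuleFileNameA", "CopyFileA", "MoveFileA", "DeleteFileA",
                 "WritePrivateProfileStringA", "CreateIoCompletionPort", "Sleep"],
    "user32": ["GetAsyncKeyState", "GetKeyboardState", "SetWindowsHookExA", "OpenClipboard",
               "GetClipboardData", "SetClipboardData", "FindWindowA", "MessageBoxA"],
    "gdi32": ["BitBlt", "CreateCompatibleDC", "CreateDIBSection", "StretchBlt"],
    "advapi32": ["RegCreateKeyExA", "RegSetValueExA", "RegDeleteValueA", "RegOpenKeyExA"],
    "shell32": ["ShellExecuteA", "ShellExecuteExA", "SHGetSpecialFolderPathA"],
    "urlmon": ["URLDownloadToFileA"],
    "ws2_32": ["WSAStartup", "socket", "connect", "bind", "listen", "accept", "WSASocketA", "gethostbyname"],
}

if __name__ == "__main__":
    result = summarize(REPORT_IMPORTS)
    for cap, apis in result["capabilities"].items():
        print(f"{cap:28s} {', '.join(apis)}")
    print("together:", "; ".join(result["combinations"]))
```

On this subset every combination fires, which is what the full table supports as well. Treat the result as a prioritisation aid for where to look in the disassembly, not as a verdict: legitimate recorders and remote-support tools import the same capture and socket APIs.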
Sections
.text   Size: 3.7MB - Virtual size: 3.7MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rodata Size: 12KB - Virtual size: 11KB     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rotext Size: 109KB - Virtual size: 108KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 851KB - Virtual size: 851KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 3.1MB - Virtual size: 3.6MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1.2MB - Virtual size: 1.2MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 305KB - Virtual size: 304KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
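The Headers, "Unsigned PE" and Sections entries in this report all come from the same PE structures: the COFF header (file characteristics), the optional header (DllCharacteristics, i.e. the ASLR and DEP opt-in bits, and the security data directory that points at an embedded Authenticode signature), and the section table. The following stdlib-only Python is an added example, not part of the sandbox report, that decodes those fields from a PE32 image and flags section traits of the kind visible above: data-named sections marked as executable code (.rodata here), writable-and-executable sections, and a virtual size more than twice the raw size. The sample image is constructed inside the block (headers only, no code bytes) with this report's flag values and an approximation of its section layout; on a real file, pass the file's bytes to parse_pe instead. One caveat the "Unsigned PE" check shares: it only sees an embedded signature, so a catalog-signed Windows binary also comes back as unsigned.

```python
import struct

# Flag names from winnt.h for the bits this example decodes.
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",        # ASLR opt-in
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",           # DEP opt-in
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot that points at an embedded Authenticode blob


def _names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data: bytes) -> dict:
    """Decode DOS/COFF/optional headers and the section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here; PE32+ (magic 0x20B) lays the optional header out differently")
    os_major = struct.unpack_from("<H", data, opt + 40)[0]      # MajorOperatingSystemVersion
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_rva = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_rva, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):   # section headers follow the optional header, 40 bytes each
        name, vsize, rva, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "rva": rva, "raw_size": rawsize,
                         "flags": flags, "flag_names": _names(flags, SECTION_FLAGS)})
    return {
        "machine": machine, "os_major": os_major,
        "file_characteristics": _names(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _names(dll_chars, DLL_CHARACTERISTICS),
        # Embedded signatures only: a catalog-signed binary also shows 0/0 here.
        "authenticode_present": sec_rva != 0 and sec_size != 0,
        "sections": sections,
    }


def section_anomalies(sections) -> list:
    """Section traits worth a second look: executable data-named sections, RWX, VirtualSize far above raw size."""
    out = []
    for s in sections:
        execu = bool(s["flags"] & 0x20000000)
        if execu and s["name"].lower() in (".rodata", ".rdata", ".data", ".rsrc"):
            out.append(f"{s['name']}: executable although named like a data section")
        if execu and s["flags"] & 0x80000000:
            out.append(f"{s['name']}: writable and executable")
        if s["raw_size"] and s["virtual_size"] > 2 * s["raw_size"]:
            out.append(f"{s['name']}: virtual size {s['virtual_size']:#x} is over twice raw size {s['raw_size']:#x}")
    return out


def build_sample_pe(sections, file_chars=0x0102, dll_chars=0x8140, os_major=6, security=(0, 0)) -> bytes:
    """Constructed header-only PE32 (no code bytes) so the parser can run offline."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 40, os_major)
    struct.pack_into("<H", opt, 68, 2)                     # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), file_chars)
    shdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, rva, rs, 0, 0, 0, 0, 0, fl)
                     for n, vs, rva, rs, fl in sections)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew: PE header right after the DOS header
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + shdrs


# Constructed layout modelled on the report above (page-aligned hex approximations of the listed sizes).
SAMPLE_SECTIONS = [
    (".text",   0x3B0000, 0x001000, 0x3B0000, 0x60000020),   # CODE | EXECUTE | READ
    (".rodata", 0x002C00, 0x3B1000, 0x003000, 0x60000020),   # flagged as code, as in the report
    (".data",   0x3A0000, 0x3C0000, 0x320000, 0xC0000040),   # INITIALIZED_DATA | READ | WRITE
    (".reloc",  0x04C000, 0x700000, 0x04C400, 0x42000040),   # INITIALIZED_DATA | DISCARDABLE | READ
]
```

Running `section_anomalies(parse_pe(build_sample_pe(SAMPLE_SECTIONS))["sections"])` reports only the executable .rodata section; `authenticode_present` is False because the constructed image leaves the security directory at 0/0, and passing `security=(rva, size)` flips it to True. A section marked executable but named like read-only data is not by itself malicious (some linkers and protectors do this), but it is exactly the kind of trait a triage script should surface next to the missing signature.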