modded ursnif/ --+-- > gozi (original name CRM)
snifula          |
                 |<- goziv2/gozi prinimalka - rovnix used as a protector in some cases
             ____|___________________________________
            |                                        |
           isfb                                   vawtrak <- pony
            |                                        |
  __________|____________________                    |
 |          |          |         |               vawtrak v2
 |          |          |         |                   |
dreambot*  iap*    powersniff  goznym** <- nymaim    + <- eol?

(*  probably some others, but the only difference is the c&c panels;
    those are the 2 strains I'm seeing being developed and are closest to the `original` isfb)
(** isfb dll incorporated into nymaim)

some unpacked examples or links:

ursnif - https://virustotal.com/en/file/b5931739cda5d7d9989cc15f8213f9372e5a395dc694f66636e7493439b0e521/analysis/
dreambot - https://virustotal.com/en/file/cf2a925a395211a69daa0f59c6432383b708e1d291c084ecddc8b5671ad28023/analysis/
iap - https://virustotal.com/en/file/ffcb650b28719d3bde1b032b14cfe7f5d7f2a73878d752737da0ba8a4f8bb70c/analysis/
powersniff - https://virustotal.com/en/file/048ae3ffd293ec05385a16098cf4fd9f86bbd52aba2571217ae18a3519b7ce3a/analysis
vawtrak v1 - https://virustotal.com/en/file/9448f7ce348fc2ff88cb955baf0213298fb2bf7231af9b9a704a4dbce5ba8a82/analysis/
vawtrak v2 - https://virustotal.com/en/file/dc6ff578f7509ffc94a1bbff83576341e053ce064b9b8ee27af17d615682dfcb/analysis/
nymaim - https://virustotal.com/en/file/e1e35f3e37257ea2788b2906811f6e9efbae4a9838c5a7c251d40842f4aa226e/analysis/
isfb - https://github.com/gbrindisi/malware/tree/master/windows/gozi-isfb
goziv2 - http://blog.malwaremustdie.org/2013/02/the-infection-of-styx-exploit-kit.html