Extracted

• • Target

    1503a40da3eee4ba11db866b31dd8f09bbb2ebfeef5e406c2806a18cdf9fa01d

  • Size

    222KB

  • MD5

    42a0ace2505232df5f4178922a374bca

  • SHA1

    8f08ce12259f02d9b6eabe80b3d248899b17e05d

  • SHA256

    1503a40da3eee4ba11db866b31dd8f09bbb2ebfeef5e406c2806a18cdf9fa01d

  • SHA512

    be082d4d538c8e0f928420549a2adc20bd819707186ea1a5d23e282a64840b2785f8584f39ae84b2f05272f5af98ace02057ee0573c8428f6c9a2829381d8282

  • SSDEEP

    3072:YYBLb95mHgC8cMDMtqW+LCyzcq7dB96PgdxdQt+FG+wD3tdmdhxH:DLbS8DGqXLfzPE4xS8Fri3tm

  Score

  10^/10

  gozismokeloader22500backdoorbankerisfbtrojan

  • Detects Smokeloader packer

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1