General

  • Target

    71ead9f51c149c931503516271a1112a86d83921a8a17bec322e27c4298f4dc6

  • Size

    163KB

  • Sample

    240515-3gnepshf5x

  • MD5

    2ef6f2ab3dda1ecab6f96e20c8ea47f2

  • SHA1

    2dd3dc91a6b1fc70065a965f8164ee0413dea487

  • SHA256

    71ead9f51c149c931503516271a1112a86d83921a8a17bec322e27c4298f4dc6

  • SHA512

    76147da5f3eb5c5ebe408011e89c6cae709f8df2cb502d25aa1f2de7fac04c9cd64369ac155f6b932248d123bc018a2dc42bb8b9f91f45c713e0387d777c1f09

  • SSDEEP

    1536:PiML+CBIuD7bJmw2vF9b+Pom4enxtasJzlProNVU4qNVUrk/9QbfBr+7GwKrPAsf:KMicD/JcvF9W+tsJzltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      71ead9f51c149c931503516271a1112a86d83921a8a17bec322e27c4298f4dc6

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Detects executables built or packed with MPress PE compressor

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks