Extracted

• • Target

    0b982d12a29302d260d7f409c896b0bef58229370813afea2d51c5687b1db872

  • Size

    266KB

  • MD5

    c35fcc4a0cd15b508cd025933e458f7f

  • SHA1

    d164a1410a00f5957f22279ba5e7fdd7a2d59b36

  • SHA256

    0b982d12a29302d260d7f409c896b0bef58229370813afea2d51c5687b1db872

  • SHA512

    f380199ed1a0b1315206be2f9ddf7509db63b1b50d9ef596872a230aec0f469a7e439e419309def785c34e090f759ae87927402f6f15f281882ba0531d4082ed

  • SSDEEP

    6144:PXzKdNY49u8rVMrWExifVEoSErr01net:Qa4ABr7+Vz01

  Score

  10^/10

  gozibankerisfbtrojanupx

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2