Extracted

• • Target

    b2ff192125b2fc6af2ae615e0b93633786945ce9111902fda29d8fceee2d76d7

  • Size

    163KB

  • MD5

    266494f4f2aec028356dc423006b27ab

  • SHA1

    d5ae20692f73f09dba487f16f7a3f864039f2948

  • SHA256

    b2ff192125b2fc6af2ae615e0b93633786945ce9111902fda29d8fceee2d76d7

  • SHA512

    ba80dee9f0be060d25f6e7b6264521adb85b7c2ca5f64923ff498cc8ddfe50bb322bb8fac7aa8f7e62068ec9906bb937aa6700c47de95d3596be4b1f2aee73f4

  • SSDEEP

    1536:POcPZl86g4DutO8rcdxT1Fqh5VlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:GaZlvgBOecdx18h5VltOrWKDBr+yJb

  Score

  10^/10

  persistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Detects executables built or packed with MPress PE compressor

  • UPX dump on OEP (original entry point)

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2