Extracted

Extracted

• • Target

    5016784605ad3fd883fbdfdd5fbd469f_JaffaCakes118

  • Size

    749KB

  • MD5

    5016784605ad3fd883fbdfdd5fbd469f

  • SHA1

    30100663d3d88d7399948f7f92602efcb70b5a86

  • SHA256

    14d4db1adde49001f81cb670a60f9d40fc7dea4b96cd77029ca87b44ccb586c8

  • SHA512

    3f61dac201d25c5cb8932e9bed8b762c6897462edf912091e6921f2895645908b64c91a779f8db0cac76a0ddae19808d9ba6ce7fb27cd0a0153c5bf20d01f116

  • SSDEEP

    12288:INVtF21kgh6j10JGCDn3NVEoYFA5rId7ipJC:INVtEjcMfTpYC5cmHC

  Score

  10^/10

  gozi700bankerisfbpersistencetrojan

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2