Extracted

• • Target

    2ee02a3784f9afdf20ee9fe30e7ef2f8449f5a907890b6f03504764d27cef70b.exe

  • Size

    163KB

  • MD5

    0850b37566b220b90fe4a49ae560ca10

  • SHA1

    ff45341ae4a465791b4ff78cb1b16e74d5ed1377

  • SHA256

    2ee02a3784f9afdf20ee9fe30e7ef2f8449f5a907890b6f03504764d27cef70b

  • SHA512

    32286aee577a0fdc328d0ce2b85e2140b5ca5d261e11f3301e15b5723fa7d2d37707b6de3787d6389e11586ee2bf38599ac33f149fd9a1f303e5a79a8f45ed78

  • SSDEEP

    1536:PiK6OvtzgB53ZpeViHDPznjffbHDPL3z/7njvrXTfbHDPL3z/7njvrXTfbHDPL3C:OkzgHfcDbOHR7hltOrWKDBr+yJb

  Score

  10^/10

  gozibankerisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2