Extracted

• • Target

    VirusShare_7afb45ac5810698b4f3d8bc49e5d02c9

  • Size

    526KB

  • MD5

    7afb45ac5810698b4f3d8bc49e5d02c9

  • SHA1

    82ac0b36bc447b697a907067a4163f4904d8ab25

  • SHA256

    336e5e72892c6ac686f60e22a98848100e6af98f52490af608e0c930afef5798

  • SHA512

    d867f302850a493d0424ad18b2adb110704c7eafde5a1fbb0eef9f109d366d0758bddbece0b8a0a0d5482b5ccf39e0dadff9dc143162eb5710c8639acc88db21

  • SSDEEP

    12288:Y3oGlmVDxLpA4pxc7wak9J5Q4xyhdG0++sVMJG2T7D/mxeT6xY:bVDZi4QEakn5PS+yFTXmAOxY

  Score

  10^/10

  gozibankerisfbpersistencetrojan

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2