Extracted

• • Target

    9e7995754d8caf461ec3ee75219180deda01a79f4210901e3df2f83f02c62aa4

  • Size

    163KB

  • MD5

    fd8552a61ed6665b1d944074c4af02da

  • SHA1

    43adffb940c8cf218b83afc151d93d4beca2c920

  • SHA256

    9e7995754d8caf461ec3ee75219180deda01a79f4210901e3df2f83f02c62aa4

  • SHA512

    53c07a5275ddb73a69c5ad58226d54888bf454c8fc96f9ec3e051930d986535a5c5f03b3955157b0ade337b45d181e4d73f02f29bed1aa81cd9aa83101ce788b

  • SSDEEP

    1536:PvpvXL1V1sZvpClVfdmvN+mV7nAP7YHlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNy:xXp1n1oNvAP7KltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2