Extracted

• • Target

    d06e2dac6de3ec1b5ae871128ca76f30N

  • Size

    163KB

  • MD5

    d06e2dac6de3ec1b5ae871128ca76f30

  • SHA1

    f9a85e5b4d86eb8304e572c79dc838e04ec18fd3

  • SHA256

    9881a1da05c579ae955d6c637d0d2171ba17235fb988fbc8f967c09620f525ff

  • SHA512

    3546036bd4c75be65d13a88d1d19edb069020a86d9eeefa79c828cc1958c85c6754e858842d27caee03023aed745a620a1648ea5e1f639542d6f1a90d89a2a5a

  • SSDEEP

    1536:PZGzjf61jF+na30h+961bbjB4JZdWAlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:wzr65vy1PlqPltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2