Extracted

• • Target

    744f2050b66a258d89f5b8186a00c37ff79a91ff3781bdd8c799ae268db8b228

  • Size

    4.9MB

  • MD5

    26c96087a41c03da21c6651ddf185949

  • SHA1

    f797814e0af133c42b3c39e2aaaab47849db106f

  • SHA256

    744f2050b66a258d89f5b8186a00c37ff79a91ff3781bdd8c799ae268db8b228

  • SHA512

    e0eae3a90b071af64e65aa2efe8b4bf7953f211d36517d7b333ce810ede867511dda48ba2ff6d6036badff49ed3135eb660c23fbdbf8f73125112ddc98b921e4

  • SSDEEP

    98304:Db7A9aMnac9OyZ8DpCQdGWR+O/4vAXjU2lSBjlYh2grFZyNgnRC2b/BzM0DjGrCH:TRyEbgpR9ySBjGBkiR/P6O8neO3o

  Score

  10^/10

  gozibankerdiscoveryisfbtrojanupx

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2