Extracted

• • Target

    c6197923fa04b39111ec34311b57e7ce70beebf0a36867b09a355f84291bae0e

  • Size

    4.9MB

  • MD5

    866403d654ec0e8c7e72b79a003e87bb

  • SHA1

    26d43bc0cd32455df91c61c1fda0e2a72058d62d

  • SHA256

    c6197923fa04b39111ec34311b57e7ce70beebf0a36867b09a355f84291bae0e

  • SHA512

    4faebc62548f7be791e3eee360261acfd805a76e0590083f9d513aa09771271be0036ba36bdd84f7d1c6bfec9d75332b7fb15a0a767484b7b60aecc9105e4df5

  • SSDEEP

    98304:Db7A9aMnac9OyZ8DpCQdGWR+O/4vAXjU2lSBjlYh2grFZyNgnRC2b/BzM0DjGrCH:TRyEbgpR9ySBjGBkiR/P6O8neO3o

  Score

  10^/10

  gozibankerdiscoveryisfbtrojanupx

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2