Extracted

• • Target

    49ce954a4f386ba8aed1b3a457d3ed3c09429df460d6b9f2444252d49287b8fc

  • Size

    4.9MB

  • MD5

    0345345dfe4512c7454e6ea0ba7a6709

  • SHA1

    30475b5e6b68d43f29252a0f9a455b591c25a1fc

  • SHA256

    49ce954a4f386ba8aed1b3a457d3ed3c09429df460d6b9f2444252d49287b8fc

  • SHA512

    3ffc8884ff57a4b0be826a3d7698bf54b90bf46e54cf322cc28157871ccf89d08db0b9f9cdcf8a5682867737c3179a800ba910e6ef8e1116e70357ada03ea255

  • SSDEEP

    98304:Db7A9aMnac9OyZ8DpCQdGWR+O/4vAXjU2lSBjlYh2grFZyNgnRC2b/BzM0DjGrCH:TRyEbgpR9ySBjGBkiR/P6O8neO3o

  Score

  10^/10

  gozibankerdiscoveryisfbtrojanupx

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2