Extracted

• • Target

    3f325d71c97b4f2ae0765d0af71f4424_JaffaCakes118

  • Size

    338KB

  • MD5

    3f325d71c97b4f2ae0765d0af71f4424

  • SHA1

    11461dda7a7246b6827a42e27766851c4cf077b9

  • SHA256

    da66162d6a2b5cb086ddbf9da0283c776ecfa9486ddf44987f422da56008afa4

  • SHA512

    9db8b99a0882f96f094f035163d4a8f8636e547adce3fd4da7d937499fff636fcdfc5f603cfe9cbb0fd55784a3615faadb41112229e6bcd9d9c4944ef7ae8d19

  • SSDEEP

    6144:tA5wVdCy6wrbDY0rDqTWC4zEDzKuTrSbxc97cuEYScVkTmu+XtYjSQ72JiJi:tjyy64VrDqTWIzW+9Ylk0utBWbJi

  Score

  10^/10

  gozibankerbootkitdiscoveryisfbpersistencetrojanupx

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2