Extracted

• • Target

    1c4a0d8dcf312f8bf91ba42e9e7ff94fd4d559f2dac5702ba91feb9301f4930e

  • Size

    4.9MB

  • MD5

    75e96c64fb3c425075660f2b2a220eda

  • SHA1

    caf080c026c1002d03bb1059aabffab0b95e930f

  • SHA256

    1c4a0d8dcf312f8bf91ba42e9e7ff94fd4d559f2dac5702ba91feb9301f4930e

  • SHA512

    44afe5a308c6d5946b742e8c74519b1f2e108fd7f4ee31a0f262e98be4add7514d5e5bd2457cf5b0a2863e9403549bd110d8887b461827f393975c7d17efd265

  • SSDEEP

    98304:Db7A9aMnac9OyZ8DpCQdGWR+O/4vAXjU2lSBjlYh2grFZyNgnRC2b/BzM0DjGrCH:TRyEbgpR9ySBjGBkiR/P6O8neO3o

  Score

  10^/10

  gozibankerdiscoveryisfbtrojanupx

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2