Extracted

• • Target

    a29f77b308aaf0db99159bf2fd546054_JaffaCakes118

  • Size

    2.9MB

  • MD5

    a29f77b308aaf0db99159bf2fd546054

  • SHA1

    821cd8259859d352a310925eac1fba5cd3fea223

  • SHA256

    1683066f95e4ba1738602aa34493481e138a877dbdb3f4892eb7c4720be10b79

  • SHA512

    3289bcfb88fd2c7de8386eeecff939289cb13cd3a080c0084932e407a2e90477ba876514c8a121689eb3e4e2a6eea04f1616ec157a733e9d272f4f425addfb6c

  • SSDEEP

    49152:diUHXgZpqe9fA8NP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:w2gSdUgg3gnl/IVUs1jePs

  Score

  10^/10

  discoveryupxgozibankerisfbtrojan

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2