Extracted

• • Target

    b048825bc71a61f50147e9772d92e673_JaffaCakes118

  • Size

    2.9MB

  • MD5

    b048825bc71a61f50147e9772d92e673

  • SHA1

    356b97ae67042995f2f60820c1e032c4eccc8318

  • SHA256

    ff0ad3b2490d18ec3eb2ada2d9adf3b3a2aa9be46b9f82ee3c15395c6a3f7964

  • SHA512

    40d32a872a41ed489b94a6da4206c43422ee0fa9104d02c0c1f13d3bcd7a29255596fc59793ef8b1e28c127dffc479b35e57b30855d5a834f2fde54762e3fbc1

  • SSDEEP

    49152:sfx3EU197JkKk5b6751a217yP7YFN/IP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:uiU19G9K1FIvgg3gnl/IVUs1jePs

  Score

  10^/10

  discoveryupxgozibankerisfbtrojan

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2