Extracted

• • Target

    a41dccd07811dafd6cfdcecf0fc5761f31d3a4dbbec1fbcc96556e002b4293c5N.exe

  • Size

    320KB

  • MD5

    b8aa3e04d5ebf08106317459c3fc7400

  • SHA1

    36a31df8de69b110492b5e360b8074a48e9fbe7e

  • SHA256

    a41dccd07811dafd6cfdcecf0fc5761f31d3a4dbbec1fbcc96556e002b4293c5

  • SHA512

    47ff7bce15f38c8438f9ba4588f9a391c04d62bac81190f2a2c6021896d11165ee78f6832af6a40f2f4bcfba3138f8d16965f9b90b6f7fbb9de3c3511063671c

  • SSDEEP

    6144:Kh94V8sVQ///NR5fLvQ///NREQ///NR5fLYG3eujj:+q5w/Nq/NZ/NcZq

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2