General

  • Target

    b7b60f40d54acafc51e9d9085173d178_JaffaCakes118

  • Size

    53KB

  • Sample

    241202-kakfcsxkhw

  • MD5

    b7b60f40d54acafc51e9d9085173d178

  • SHA1

    6df5521548d757c6c3b733aeea0a7c4769296efb

  • SHA256

    d8556a5f40b0e2f1e8b573fa30bd9bfc194e45cf315021a90ccb5f68f5239617

  • SHA512

    74876d685803a674c6cf6897798b19c0e37931e439fdf45d8fe6e65b7c017d7409ac5a55c1fe8a425e6d586cc40f830b89ffc1f5d8b33695efd6b0ce711e3130

  • SSDEEP

    768:MRSL/qpe0RYzIVz85KpBw+qLTSijd1qCtzlXa1ZYRG28uhog+fTT7nmBBUnXG17l:MRSAZ7VhKDTSijd1q0E2higi+snXw7nl

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks