Extracted

• • Target

    bfb57012820e086615371abf0367f78a_JaffaCakes118

  • Size

    2.9MB

  • MD5

    bfb57012820e086615371abf0367f78a

  • SHA1

    25dc2b1477bacedc190855ae26531b2cf63429dd

  • SHA256

    fd01737d313ed9f26ae80f86d2002dc6f4934ba33911adb08468ca9f2663c3a4

  • SHA512

    e71bc91ce1d23a97cc06bcb9459127d963cdc25413992dd5ad287040d4ca9a58d5c7d630bab3657121cda3afa63537bf558a9e468bf4b2f5547723f2f44dace2

  • SSDEEP

    49152:6XZxoWVuf0CHSfnE+Fr8z2N74NH5HUyNRcUsCVOzetdZJ:8HMfqnF8S4HBUCczzM3

  Score

  10^/10

  gozibankerdiscoveryisfbtrojanupx

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2