Extracted

• • Target

    e24537cc5cc2a0c3d2b0a436225bcb9f_JaffaCakes118

  • Size

    3.5MB

  • MD5

    e24537cc5cc2a0c3d2b0a436225bcb9f

  • SHA1

    f0c95f060d39c0b7278259a67f947b7617fa16f9

  • SHA256

    c58f196fdf796e7ee65379f54a74a2bf99c1d76148d0bc3fb18376dfe83d09e3

  • SHA512

    ce854efc998042fd2a9728100c24821117daac275a9ab8850bbff151dd3aeee6f16af7224d8b057514dc662e85968a631f42bc38bdb135e96f72d9c00373341d

  • SSDEEP

    98304:qTe3GIxSRqXxpS/bvI5HYuirZlRx1npV9u1O:qe3GIxSRwxGIRFir/R7npVMo

  Score

  10^/10

  gozibankerdiscoveryisfbtrojan

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2