Extracted

• • Target

    ee71b976584080fb4c3844533d24950f_JaffaCakes118

  • Size

    2.9MB

  • MD5

    ee71b976584080fb4c3844533d24950f

  • SHA1

    d07be11eca319a34993b8390ee0a0678e5c17795

  • SHA256

    17c7a99f4abe55cc23d3f770cc756c95f2f7af6b57b1e2a5840bab3c594a0e8d

  • SHA512

    7416b99090437bf825261e88f322e7916ac86ed4250af4a66395b995990e8504cf6c20362559b40673a28972d36fcccc353f7acff8ed4320a4d2e662d5cc4235

  • SSDEEP

    49152:9ABe5M8GmaNRl/Gqc8+T66K+lWQpPP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:9A02ruqc8+T6FrCPgg3gnl/IVUs1jePs

  Score

  10^/10

  discoveryupxgozibankerisfbtrojan

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2