General

  • Target

    JaffaCakes118_209f12f13cb36cf4f765e4c089b80e65

  • Size

    341KB

  • Sample

    250223-njvjgavpcv

  • MD5

    209f12f13cb36cf4f765e4c089b80e65

  • SHA1

    181e094377bf31f8d5a2926dbbdd248cbe316227

  • SHA256

    67222fac4375960254ca1e834e3af78430ee8cf7e04be1b1bbe3acbdcc3cb427

  • SHA512

    ad1003ee561a005ffadb5e175fd48d86e9df6980c6925cae610e749823acdf5ffbd509ea834e1d6cd5ac1cfdbfa95dc16ab18c8cd1c8f8b25719861cc6c3c0de

  • SSDEEP

    6144:ffZ/nwzIhoZib9i0ju9BKVoEZUWywUdiWxOyA/AH2MG+l3KOSLc:ffpPOZiBiq3zxywYxpCAF3hSL

Malware Config

Extracted

Family

gozi

Targets

    • Target

      JaffaCakes118_209f12f13cb36cf4f765e4c089b80e65

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks