General

  • Target

    JaffaCakes118_51045137416f6b58fbd97c0702fb2b6b

  • Size

    19KB

  • Sample

    250305-htlres1zcx

  • MD5

    51045137416f6b58fbd97c0702fb2b6b

  • SHA1

    cce9cb8393ec00bec05e0855500a578b0dc7ca1f

  • SHA256

    77c4732c7a775660d950d4cd952150a145f317dad0657dfc6b64c1227989e1db

  • SHA512

    c64dc192830f354087e3483592c7ca5ac29177f521d9561fdbfa726d85c2fd5cc059b24ff31b2bcc5deaa9e21acdd974014378113b7f461db949432c85433c2b

  • SSDEEP

    384:yF5wSY5FcFTOjAjqMDP/Ik2qK7maNJawcudoD7Ubd:yFE5FoTJZKN7HnbcuyD7U

Malware Config

Extracted

Family

gozi

Targets

    • Target

      JaffaCakes118_51045137416f6b58fbd97c0702fb2b6b

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.

    • Gozi family

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry; this is most likely a geofence check to avoid running in certain regions.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
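The two signatures above ("Checks computer location settings" and "UPX packed file") can be reproduced by hand when re-triaging a sample. The helper below is an added example, not the sandbox's own signature logic: it parses the PE section table to look for the section names and the "UPX!" marker the stock UPX stub writes, scans a list of registry events for reads of the keys that hold the configured country/locale, and recomputes the hashes listed in the report for a local copy of the file. The registry key paths are an assumption about what the signature means (the report does not name them), the registry events are constructed sandbox-style records, and `build_minimal_pe` produces a header-only fixture for testing, not a runnable binary.

```python
"""Re-triage helpers for the UPX and geofence signatures (added example; inputs constructed)."""
import hashlib
import struct

# Section names the stock UPX stub writes. Modified builds may rename them,
# so the "UPX!" marker near the end of the headers is checked as a second indicator.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}
UPX_MARKER = b"UPX!"

# Registry paths that store the user's configured country/locale.
# Assumption: these are the values a "computer location" check reads
# (sCountry, LocaleName and Geo\Nation under International; Nls\Language, Nls\Locale).
LOCATION_KEYS = (
    r"\Control Panel\International",
    r"\SYSTEM\CurrentControlSet\Control\Nls",
)

# Constructed sandbox-style registry events (op, path, value); not taken from the report.
SAMPLE_REGISTRY_EVENTS = [
    ("RegOpenKey", r"HKEY_CURRENT_USER\Control Panel\International", None),
    ("RegQueryValue", r"HKEY_CURRENT_USER\Control Panel\International\sCountry", "Germany"),
    ("RegQueryValue", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\svc", None),
    ("RegSetValue", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation", "94"),
]


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image; raises ValueError if it is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]     # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]     # COFF SizeOfOptionalHeader
    table = coff + 20 + opt_size                                 # section table follows optional header
    return [data[table + i * 40: table + i * 40 + 8].rstrip(b"\0") for i in range(nsections)]


def upx_indicators(data: bytes) -> dict:
    """Flag UPX packing from section names and/or the 'UPX!' marker."""
    names = pe_section_names(data)
    by_name = [n for n in names if n in UPX_SECTION_NAMES]
    marker = UPX_MARKER in data
    return {"packed": bool(by_name) or marker, "sections": names,
            "upx_sections": by_name, "marker": marker}


def geofence_lookups(registry_events: list) -> list:
    """Return the read-type registry events that touch a country/locale key."""
    hits = []
    for op, path, value in registry_events:
        if op.lower() not in ("regopenkey", "regqueryvalue"):
            continue  # writes are not location lookups
        if any(k.lower() in path.lower() for k in LOCATION_KEYS):
            hits.append((op, path, value))
    return hits


def hash_sample(data: bytes) -> dict:
    """Recompute the digests the report lists so a local copy can be matched to it."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def build_minimal_pe(section_names: list, trailer: bytes = b"") -> bytes:
    """Constructed fixture: a header-only PE32 with the given section names (not executable)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0  # PE32 optional header size; contents are irrelevant to section parsing
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections + trailer


if __name__ == "__main__":
    packed = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"], trailer=b"\0UPX!\0")
    print("UPX indicators:", upx_indicators(packed))
    print("Location lookups:", geofence_lookups(SAMPLE_REGISTRY_EVENTS))
    print("Hashes of fixture:", hash_sample(packed)["sha256"])
```

To check a real file against the report, pass `open(path, "rb").read()` to `upx_indicators` and `hash_sample` and compare the SHA256 to the one listed under General; a renamed-section UPX build will still trip the marker check, but a fully re-stubbed packer will not, so treat a negative result as "not stock UPX" rather than "not packed".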

MITRE ATT&CK Enterprise v15