gozi.exe
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
| IP | Country | Detection |
|---|---|---|
| 144.76.136.153 | Germany |  |
| 185.189.12.123 | Russian Federation | |
| Name | IP | Detection |
|---|---|---|
| myip.opendns.com | 102.129.143.64 | |
| resolver1.opendns.com | 208.67.222.222 | |
| transfer.sh | 144.76.136.153 | |
| Click to see the 3 hidden entries | ||
| io.immontyr.com | 185.189.12.123 | |
| apr.intooltak.com | 185.189.12.123 | |
| 222.222.67.208.in-addr.arpa | 0.0.0.0 | |
| Name | Detection |
|---|---|
| http://apr.intooltak.com/vlSm5FdhwFmMvT/YOr1y3vmv8eg4Ac3b7Y_2/BxNzh6No2PWjhu_2/Fyyb9C79h8hjmv0/0MJdM07T0vYSwv1YW8/_2F13x6Wl/Lrng4lSkMN3h4WUh3_2B/V0ttocBRKlq9AtXNAro/11M6x_2BaL1Zjx_2BWp4qX/FgWuexW_2FQbO/w_2FMf21/MXsR7_2BkMZgcjp0nVIxUlY/KUQNsPRxFs/f5vu_2BQoVI2fu6H_/2BIGCwdRzvbj/hz_2BIOSiZR/JFogKN88OOAHtb/M_2BNELxC21s15Johd0jZ/ulyOnBSm1PSraDUT/nl6kvDdqLoljmN_/2B2yicis3/ZYLr |  |
| http://apr.intooltak.com/lnhNHa_2Btty8CaNj/2ZI6TN22qvUD/8ZPV4upYsm_/2FN7_2B_2BUcD0/ieoqnU4qUIxSEwBSH | |
| http://io.immontyr.com/cG9R2yLu/hwY1VC7UV0FGuTFHUDuWv94/dWPB0qINsS/UcOtH5ibuFGkRtRRz/TcTs3WrbL3kk/KH9_2B01P5_/2BqOCU5VAuO8RX/tDtOsh5JefONIGFgJjwJW/WTNQ_2BigLNUfSTv/vEQOtss42jXAD7m/Vb_2FBrZFcmnzVx4eL/FgvV_2F2J/WJxkKD87XHV59J1BIptx/grHAayUrM6ZXOpWMd4b/m8CaZcQ61hUgT0Er2sN6yR/jqxJkoogaoGBQ/oxZTsR50/IU6qlhp0LlHnTmpxFkzazjn/ZXLdcjlESY/R9eDED1XHAy_2FpXA/QYirrLarjNjS/_2Faftuam8rF_2F/1Ew | |
| Click to see the 46 hidden entries | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | |
| http://www.urwpp.deDPlease | |
| http://www.sakkal.com | |
| http://nuget.org/NuGet.exe | |
| http://www.apache.org/licenses/LICENSE-2.0 | |
| http://www.fontbureau.com | |
| http://pesterbdd.com/images/Pester.png | |
| http://ns.adobe.cmgR | |
| http://www.apache.org/licenses/LICENSE-2.0.html | |
| https://contoso.com/Icon | |
| https://transfer.sh | |
| https://github.com/Pester/Pester | |
| http://www.carterandcone.coml | |
| http://www.fontbureau.com/designers/cabarga.htmlN | |
| http://www.founder.com.cn/cn | |
| http://transfer.sh | |
| http://www.fontbureau.com/designers/frere-jones.html | |
| http://constitution.org/usdeclar.txt | |
| http://ns.adobe.ux2 | |
| https://transfer.sh4jl | |
| http://www.jiyu-kobo.co.jp/ | |
| http://www.fontbureau.com/designers8 | |
| http://ns.micro/1 | |
| http://www.sajatypeworks.com | |
| http://www.fontbureau.com/designersG | |
| http://www.fontbureau.com/designers/? | |
| http://www.founder.com.cn/cn/bThe | |
| http://www.fontbureau.com/designers? | |
| http://ns.adobp/ | |
| http://constitution.org/usdeclar.txtC: | |
| https://contoso.com/License | |
| http://https://file://USER.ID%lu.exe/upd | |
| http://www.tiro.com | |
| http://www.fontbureau.com/designers | |
| http://www.goodfont.co.kr | |
| http://www.zhongyicts.com.cn | |
| http://www.typography.netD | |
| http://www.founder.com.cn/cn/cThe | |
| http://www.galapagosdesign.com/staff/dennis.htm | |
| http://fontfabrik.com | |
| https://transfer.sh/get/3dvhcv/lia.exe | |
| https://contoso.com/ | |
| https://nuget.org/nuget.exe | |
| http://www.galapagosdesign.com/DPlease | |
| http://www.fonts.com | |
| http://www.sandoll.co.kr | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gozi.exe.log |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Temp\RES8712.tmp |
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols | # | |
\Device\ConDrv |
ASCII text, with CRLF, CR line terminators | # | |
| Click to see the 19 hidden entries | |||
C:\Users\user\SettingsDocument.lnk |
MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hidenormalshowminimized | # | |
C:\Users\user\Documents\20220112\PowerShell_transcript.768287.AFX4atZf.20220112130217.txt |
UTF-8 Unicode (with BOM) text, with CRLF line terminators | # | |
C:\Users\user\DeviceFile.ps1 |
ASCII text, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\hscan34n.out |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Local\Temp\hscan34n.dll |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\hscan34n.cmdline |
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\hscan34n.0.cs |
UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_epyy1szg.01u.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cdpkmtso.umo.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\RES73F8.tmp |
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols | # | |
C:\Users\user\AppData\Local\Temp\CSC8CA7551FEF4543EEA6FB885A13AF16EB.TMP |
MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\CSC31C5CF8C116B47DEB51FEE2BA7A26AB5.TMP |
MSVC .res | # | |
C:\Users\user\AppData\Local\Temp\5n300s0s.out |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Local\Temp\5n300s0s.dll |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\5n300s0s.cmdline |
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators | # | |
C:\Users\user\AppData\Local\Temp\5n300s0s.0.cs |
UTF-8 Unicode (with BOM) text | # | |
C:\Users\user\AppData\Local\Temp\3B0F.bi1 |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache |
data | # | |
