Comments on: Win32/Gataka banking Trojan – Detailed analysis
http://www.welivesecurity.com/2012/08/13/win32gataka-banking-trojan-detailed-analysis/
News, Views, and Insight from the ESET Security Community
Mon, 03 Feb 2014 08:49:00 +0000

By: Jean-Ian Boutin
http://www.welivesecurity.com/2012/08/13/win32gataka-banking-trojan-detailed-analysis/#comment-1057
Tue, 28 Aug 2012 16:27:20 +0000

Hi Greg,

Here is a list of some of the plugins’ md5s I analyzed. For the droppers’ md5s, please refer to the first blog post.

Interceptor.dll: 7d44e5de4c024c77de1fa5a875ab5673
Webinject.dll: 5a15ddcf5e73a5fb64f573e96b60a678
Coredb.dll: e98598e6ed3073e0f83daf771016b104

By: Greg
http://www.welivesecurity.com/2012/08/13/win32gataka-banking-trojan-detailed-analysis/#comment-1056
Thu, 16 Aug 2012 22:23:08 +0000

What is the md5 of the sample you are analyzing here?

By: oleg
http://www.welivesecurity.com/2012/08/13/win32gataka-banking-trojan-detailed-analysis/#comment-1055
Wed, 15 Aug 2012 20:20:19 +0000

“There are some strings referring to Chrome, but it seems that this browser is not yet supported”

Chrome relies on Windows internal mechanisms for SSL verification. Basically, malware’s routines for IE = routines for Chrome :)

By: chartist
http://www.welivesecurity.com/2012/08/13/win32gataka-banking-trojan-detailed-analysis/#comment-1054
Tue, 14 Aug 2012 17:16:41 +0000

Amazing in-depth analysis and explanation, thanks. Keep up the good work and reach more people with this valuable content.
