Spy Win32 Gozi - Scan Report
| Online Virus Checker | v.1.0.138.174 |
| DB Version: | 2023-09-11 05:01:17 |
| Available languages: |        |
Scan Your File
Analyze suspicious files to detect malware and automatically share them with our team. You can compress your file into a zip archive (if needed, we use the password "infected" to extract before checking).
Spy.Win32.Gozi.bot
Gozi is a multifaceted banking Trojan. Various cybercriminal groups have independently modified and deployed different versions of Gozi, such as Dreambot, which has achieved a substantial number of victims, and its continuous evolution and wide reach have established it as a prominent player within the cybercrime market.
| Checked: | 2023-09-11 02:32:39 |
| MD5: | 5aad6da9eb1e06fb7a249afc9f4927a8 |
| SHA1: | c603222e26d5f43a1b5f6fc5347f44ca52df0a58 |
| SHA256: | 83394afef201b339640f94c5d7a054be01a94852edda1efb154de52cd49203e8 |
| SHA512: | 2b997dea2fffc33720bb400d46d3c41549be4481c6dc0e7016a657bab01cf1b4cf35419ea421231c787ea8e3379b97725ac0766575b51b13f723cf21ec302de8 |
| Imphash: | 4328f7206db519cd4e82283211d98e83 |
| File Size: | 4163072 bytes |
Spy.Win32.Gozi.bot Removal
Gridinsoft has the capability to identify and eliminate Spy.Win32.Gozi.bot without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
File Version Information
| Translation | 0x0000 0x04b0 |
| Comments | Electron UI V2 NEW |
| CompanyName | ryos.lol |
| FileDescription | Electron |
| FileVersion | 1.0.0.0 |
| InternalName | Electron.exe |
| LegalCopyright | Copyright ryos.lol © 2021 |
| LegalTrademarks | |
| OriginalFilename | Electron.exe |
| ProductName | Electron |
| ProductVersion | 1.0.0.0 |
| Assembly Version | 1.1.0.0 |
Portable Executable Info
 |
ca61f82bd110251d75328b7a85394681 cae670e6034f6201b1c23cc7862e1150 cc767978383997d9 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x00ba4058 |
| Compilation: | 2085-04-22 16:41:13 |
| Checksum: | 0x004033b9 (Actual: 0x004033b9) |
| OS Version: | 4.0 |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 7 |
| Imports: | kernel32, mscoree, |
| Exports: | 0 |
| Resources: | 10 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| 0x00002000 | 0x00182000 | 0x000b6200 | 939a2ad1faad19dccb42540219cba599 | 8.00 | |
| 0x00184000 | 0x0001f80f | 0x0000d600 | 68c313796c37ad4145ae61f633c6f16b | 7.99 | |
| 0x001a4000 | 0x0000000c | 0x00000200 | 90b54dadab4708864e1284ead0e6187d | 2.92 | |
| .idata | 0x001a6000 | 0x00002000 | 0x00000200 | a63ac377943cd21b67130579e6e98df3 | 1.15 |
| .rsrc | 0x001a8000 | 0x0001fc00 | 0x0001fc00 | bbe109da935e360bfdaa5a959d721de2 | 5.89 |
| EZ | 0x001c8000 | 0x005dc000 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .boot | 0x007a4000 | 0x00314a00 | 0x00314a00 | e307408da583b232b06ae0eb6a3cac5e | 7.94 |
