Electron.exe Stealer Gozi Analysis

Stealer Gozi
Updated on 2023-09-11 (5 months ago)
Checked by Online Virus Scanner
Online Virus Checker v.1.0.138.174
DB Version: 2023-09-11 05:01:17

Spy.Win32.Gozi.bot

Gozi is a multifaceted banking Trojan. Various cybercriminal groups have independently modified and deployed different versions of Gozi, such as Dreambot, which has achieved a substantial number of victims, and its continuous evolution and wide reach have established it as a prominent player within the cybercrime market.

File: Electron.exe
Checked: 2023-09-11 02:32:39
MD5: 5aad6da9eb1e06fb7a249afc9f4927a8
SHA1: c603222e26d5f43a1b5f6fc5347f44ca52df0a58
SHA256: 83394afef201b339640f94c5d7a054be01a94852edda1efb154de52cd49203e8
SHA512: 2b997dea2fffc33720bb400d46d3c41549be4481c6dc0e7016a657bab01cf1b4cf35419ea421231c787ea8e3379b97725ac0766575b51b13f723cf21ec302de8
Imphash: 4328f7206db519cd4e82283211d98e83
File Size: 4163072 bytes

Spy.Win32.Gozi.bot Removal

Gridinsoft has the capability to identify and eliminate Spy.Win32.Gozi.bot without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

File Version Information

Translation: 0x0000 0x04b0
Comments: Electron UI V2 NEW
CompanyName: ryos.lol
FileDescription: Electron
FileVersion: 1.0.0.0
InternalName: Electron.exe
LegalCopyright: Copyright ryos.lol © 2021
LegalTrademarks:
OriginalFilename: Electron.exe
ProductName: Electron
ProductVersion: 1.0.0.0
Assembly Version: 1.1.0.0

Portable Executable Info

Image Base: 0x00400000
Entry Point: 0x00ba4058
Compilation: 2085-04-22 16:41:13
Checksum: 0x004033b9 (Actual: 0x004033b9)
OS Version: 4.0
PEiD: PE32 executable (GUI) Intel 80386, for MS Windows
Sign: The PE file does not contain a certificate table.
Sections: 7
Imports: kernel32, mscoree
Exports: 0
Resources: 10

Sections

Name       Virtual Address  Virtual Size  Raw Size    MD5                               Entropy
(unnamed)  0x00002000       0x00182000    0x000b6200  939a2ad1faad19dccb42540219cba599  8.00
(unnamed)  0x00184000       0x0001f80f    0x0000d600  68c313796c37ad4145ae61f633c6f16b  7.99
(unnamed)  0x001a4000       0x0000000c    0x00000200  90b54dadab4708864e1284ead0e6187d  2.92
.idata     0x001a6000       0x00002000    0x00000200  a63ac377943cd21b67130579e6e98df3  1.15
.rsrc      0x001a8000       0x0001fc00    0x0001fc00  bbe109da935e360bfdaa5a959d721de2  5.89
EZ         0x001c8000       0x005dc000    0x00000000  d41d8cd98f00b204e9800998ecf8427e  0.00
.boot      0x007a4000       0x00314a00    0x00314a00  e307408da583b232b06ae0eb6a3cac5e  7.94
