Using this site

Please ensure you understand and agree with our data protection policy before using this site. Review Policy

Lib.cfg Ransomware Banker Analysis

Ransomware Banker
Updated on 2024-04-27 (19 days ago)
Checked by Online Virus Scanner
Online Virus Checkerv.1.0.173.174
DB Version:2024-04-27 09:00:16

Ransom.Win32.Banker.sa

A Banker Trojan, often referred to as a Banking Trojan or Bank Trojan, is a type of malware specifically designed to target online banking and financial services. These Trojans are created with the primary objective of stealing sensitive financial information, such as login credentials, account numbers, and personal identification details, from victims who use online banking platforms. The stolen information is then typically used for financial fraud, unauthorized transactions, or identity theft.

Filelib.cfg
Checked2024-04-27 09:15:24
MD54e6a7ee0e286ab61d36c26bd38996821
SHA1820674b4c75290f8f667764bfb474ca8c1242732
SHA256f67daf4bf2ad0e774bbd53f243e66806397036e5fde694f3856b27bc0463c0a3
SHA512f9d99d960afce980421e654d1d541c1fdb81252615c48eed5c4a5c962cb20123d06dbdf383a37a476aa41e4ffabca30e95a8735739c35f66efbaa1dee8a9ba8a
Imphash0392634acac147c03d108c2d046e7996
File Size244224 bytes

Ransom.Win32.Banker.sa Removal

Ransom.Win32.Banker.sa Removal

Gridinsoft has the capability to identify and eliminate Ransom.Win32.Banker.sa without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

File Version Information

FileVersionRaw17.0.33926.201
ProductVersionRaw17.0.33926.201
FileDescriptionvshost
FileVersion17.0.33926.201 (WinBuild.170101.0800)
InternalNamevshost.exe
OriginalFilenamevshost.exe
ProductVersion17.0.33926.201
Translation0x0409 0x04b0

Portable Executable Info

Image Base:0x00400000
Entry Point:0x00419574
Compilation:2023-10-30 15:54:56
Checksum:0x00000000 (Actual: 0x0004a6b6)
OS Version:6.0
PEiD:MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
Sign:The PE file does not contain a certificate table.
Sections:4
Imports: KERNEL32,
Exports: 0
Resources:2

Sections

Name Virtual Address Virtual Size Raw Size MD5 Entropy
.text 0x00001000 0x0002d798 0x0002d800 a32d7d59fe9e735a87258a499951947b 6.56
.rdata 0x0002f000 0x0000c8ba 0x0000ca00 a881355447d3acaf739df2f0b501adcc 4.45
.data 0x0003c000 0x00001f98 0x00001000 67208bb52525628617bd2dc05125a3a9 2.73
.rsrc 0x0003e000 0x000004b4 0x00000600 f3a6e2a0ef8254595be20745f2994dfd 3.49

Leave a comment*

Share your thoughts or insights about this file. Do you align with our conclusion?

*Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Please Wait...

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Learn more Download Now
Gridinsoft Anti-Malware