Trojan.Win32.Gofot.qoz (file analysis)

The Trojan.Win32.Gofot.qoz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Win32.Gofot.qoz virus can do?

Behavioural detection: Executable code extraction – unpacking
Authenticode signature is invalid
Attempts to modify proxy settings

How to determine Trojan.Win32.Gofot.qoz?


File Info:
name: 31E2ADEEB921AE692606.mlw
path: /opt/CAPEv2/storage/binaries/9a6f9fe3c9d358c32aabb944bbca5ef706f94a6a9a2bd46dd2a71ed699b58735
crc32: 85033C9E
md5: 31e2adeeb921ae6926066c67e5bdf2a5
sha1: a64034a1aa7ef16874a3f35bf1021bcf8d4d9125
sha256: 9a6f9fe3c9d358c32aabb944bbca5ef706f94a6a9a2bd46dd2a71ed699b58735
sha512: 2b37796a42edef1a047227cbcf6713a7a2e6a3b5db4b464f6092e15cc8248db2566b753daa76e033814038a963515db273afc28fe8a3137ff13f333cd53d0992
ssdeep: 192:T3iH8D6I9XpVmNgBbi7tLS0hGoD/yDNi:TSkXpENgti7wqD/yDs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T172841F125168A361E33846717D7293A754AFFCF079409F5BABCA59293B31243CBA071F
sha3_384: 6f7df4fd8f74b16a6ed2a9c29ec07bd77a91299e137558479c3b6615045771df7101a32c56e13743e84984e784c91da1
ep_bytes: 6834f44500e8eeffffff000000000000
timestamp: 2008-09-16 08:12:02

Version Info:
Translation: 0x0409 0x04b0
ProductName: Install
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Install
OriginalFilename: Install.exe

Trojan.Win32.Gofot.qoz also known as:

Lionic	Trojan.Multi.Generic.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Malware.ym0@ampTcAci
FireEye	Generic.mg.31e2adeeb921ae69
ALYac	Gen:Trojan.Malware.ym0@ampTcAci
Malwarebytes	Generic.Malware/Suspicious
Sangfor	Trojan.Win32.Spy.405504
Alibaba	Trojan:Application/Generic.44d80036
Cybereason	malicious.eb921a
BitDefenderTheta	AI:Packer.56025E551C
VirIT	Trojan.Win32.Generic.YZD
Symantec	Downloader
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Trojan.Win32.Gofot.qoz
BitDefender	Gen:Trojan.Malware.ym0@ampTcAci
Avast	FileRepMalware [Trj]
Emsisoft	Gen:Trojan.Malware.ym0@ampTcAci (B)
VIPRE	Gen:Trojan.Malware.ym0@ampTcAci
TrendMicro	Mal_Banld-5
McAfee-GW-Edition	BehavesLike.Win32.Infected.fz
Sophos	Mal/Generic-S
GData	Gen:Trojan.Malware.ym0@ampTcAci
Webroot	W32.Malware.Gen
Xcitium	Malware@#2u2ae9cmsz4ak
Arcabit	Trojan.Malware.EA1DE3
ZoneAlarm	Trojan.Win32.Gofot.qoz
Microsoft	Trojan:Win32/Wacatac.B!ml
McAfee	Artemis!31E2ADEEB921
MAX	malware (ai score=90)
VBA32	Trojan.Zpevdo
Cylance	unsafe
TrendMicro-HouseCall	Mal_Banld-5
Rising	Malware.Undefined!8.C (TFE:5:nxbwVgP8f9F)
Yandex	Trojan.GenAsa!G6eltLZUS4U
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Agent.EHLJ!tr.dldr
AVG	FileRepMalware [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Trojan.Win32.Gofot.qoz?

Trojan.Win32.Gofot.qoz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X