Backdoor.Win32.Poison.jvha (file analysis)

Backdoor.Win32.Poison.jvha is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Poison.jvha virus do?

  • Executable code extraction
  • Creates RWX memory
  • Starts servers listening on 0.0.0.0:19730
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Poison.jvha?

File Info:

crc32: 2081841F
md5: 59e13a1e294d9a463408e27df56fc063
name: 59E13A1E294D9A463408E27DF56FC063.mlw
sha1: 380848967ffd659a2f53448cafe69be79c800978
sha256: 1fa99661662ea3236d2e7ee2e654d51851aecfa938231b7739dbfe0aece8e4e4
sha512: 3979cf47c260adee9b07e3aa8b819ae78737a83450d0ea7a85a6bd846f7dff87d62755cac21bc253c22df66ac7fe8d2189b0a318af7d6cea66961bc0167b5547
ssdeep: 24576:S+LnSVrn2zm+GGb79H8QYqRN7mWk68yIhllEOijj:S+Ln+b2zrGG/xVYOm/68y6LExj
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 作者版权所有 请尊重并使用正版
FileVersion: 1.0.0.0
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
ProductName: 易语言程序
ProductVersion: 1.0.0.0
FileDescription: 易语言程序
Translation: 0x0804 0x04b0

Backdoor.Win32.Poison.jvha also known as:

K7AntiVirus: Trojan ( 0054339d1 )
Elastic: malicious (high confidence)
ALYac: Gen:Variant.Graftor.754153
Cylance: Unsafe
BitDefender: Gen:Variant.Graftor.754153
K7GW: Trojan ( 0054339d1 )
Cybereason: malicious.e294d9
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Virbox.A suspicious
Zoner: Probably Heur.ExeHeaderH
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Poison.jvha
NANO-Antivirus: Trojan.Win32.Poison.jcivow
MicroWorld-eScan: Gen:Variant.Graftor.754153
Ad-Aware: Gen:Variant.Graftor.754153
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
BitDefenderTheta: Gen:NN.ZexaF.34170.oD3@a8DAJcnb
McAfee-GW-Edition: BehavesLike.Win32.Trojan.tc
FireEye: Generic.mg.59e13a1e294d9a46
Emsisoft: Gen:Variant.Graftor.754153 (B)
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Kingsoft: Win32.Hack.Undef.(kcloud)
Microsoft: Trojan:Win32/Emotet!ml
Gridinsoft: Trojan.Win32.Gen.bot!i
Arcabit: Trojan.Graftor.DB81E9
GData: Win32.Application.PUPStudio.A
AhnLab-V3: Malware/Win32.RL_Generic.R365589
McAfee: Artemis!59E13A1E294D
MAX: malware (ai score=84)
VBA32: BScope.Trojan.Kraplick.vck
Malwarebytes: PUP.Optional.ChinAd
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R005H07IH21
Ikarus: PUA.Virbox
Fortinet: Riskware/Poison
Paloalto: generic.ml

How to remove Backdoor.Win32.Poison.jvha?

Backdoor.Win32.Poison.jvha removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.