Trojan:Win32/Karagany.B removal guide

Trojan:Win32/Karagany.B is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Karagany.B virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Karagany.B?

File Info:

name: D2255253060EBC7C4A03.mlw
path: /opt/CAPEv2/storage/binaries/242a548ab872d546289b823f957d64737928d2d8083e5b7016e410e72d912b9c
crc32: 0B217A9A
md5: d2255253060ebc7c4a034c2f10b20755
sha1: f2c95628aced8eec1262283b7a7541edad3c0bee
sha256: 242a548ab872d546289b823f957d64737928d2d8083e5b7016e410e72d912b9c
sha512: 6b0fcefa17887e54159c0e294564ebe5815b25f7dde7df340b06ca4c338e88cbd1b05387ff0c23eb40748a9395933e76829a915f9116a2e465b1ff0d05d0a913
ssdeep: 768:yIdAbXSataC5fTFPgaX8IXiUZyhaDOPfVmnTED7kQYk7zg8agx66Q4Xx+LF:yB1tl5fTFIalOaSP2bl8J6X4Xx+h
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1D4533A0166634073FC921A3874BB9B624E7E7C513BF451CB2F9616AA5EB12F0BA34317
sha3_384: 8707783717cbe0927fa6eaa5e7875de9558682d579dd332665b4ce4f7626559f3bb82d4cb082a2d0b827bf4546876bdb
ep_bytes: 8bff558bec837d0c017505e80d130000
timestamp: 2010-12-05 17:08:34

Version Info:

CompanyName: Adobe Systems Incorporated
FileDescription: Adobe PDF Broker Process for Internet Explorer
FileVersion: 9.4.0.195
InternalName: AcroBroker.exe
LegalCopyright: Copyright 1984-2010 Adobe Systems Incorporated
OriginalFilename: AcroBroker.exe
ProductName: Adobe PDF Broker Process for Internet Explorer
ProductVersion: 9.4.0.195
Translation: 0x0009 0x04b0

Trojan:Win32/Karagany.B is also known as (vendor: detection name):

Lionic: Trojan.Win32.Poison.kYJP
AVG: Win32:Malware-gen
DrWeb: Trojan.DownLoader7.46932
MicroWorld-eScan: Gen:Variant.Graftor.284649
FireEye: Generic.mg.d2255253060ebc7c
Skyhigh: Artemis!Trojan
McAfee: Artemis!D2255253060E
Cylance: unsafe
Sangfor: Backdoor.Win32.Karagany.Vijw
Alibaba: Backdoor:Win32/Androm.d7b2ce00
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZedlaF.36802.du9@aWVrjLek
VirIT: Trojan.Win32.Generic.XCI
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Generik.IYNXJAP
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Androm.haut
BitDefender: Gen:Variant.Graftor.284649
NANO-Antivirus: Trojan.Win32.Karagany.hudvx
Avast: Win32:Malware-gen
Tencent: Win32.Backdoor.Androm.Gtgl
Emsisoft: Gen:Variant.Graftor.284649 (B)
F-Secure: Trojan.TR/Downloader.Gen
Zillya: Trojan.Genome.Win32.146955
TrendMicro: TROJ_GEN.R002C0DAO24
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Karagany
Jiangmin: Trojan/Generic.hkag
Avira: TR/Downloader.Gen
Antiy-AVL: Trojan/Win32.Unknown
Kingsoft: Win32.Hack.Androm.haut
Microsoft: Trojan:Win32/Karagany.B
Xcitium: TrojWare.Win32.Magania.~awbw@f80vj
Arcabit: Trojan.Graftor.D457E9
ZoneAlarm: Backdoor.Win32.Androm.haut
GData: Gen:Variant.Graftor.284649
Google: Detected
ALYac: Gen:Variant.Graftor.284649
MAX: malware (ai score=100)
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DAO24
Rising: Trojan.Karagany!8.73F5 (TFE:5:348RpXbGopE)
Yandex: Trojan.DL.Agent!2Lu2MvPQ1EQ
MaxSecure: Trojan.Malware.94923049.susgen
Fortinet: W32/Dx.ZMY!tr
DeepInstinct: MALICIOUS
alibabacloud: Virus:Win/Epoe!U.EU

How to remove Trojan:Win32/Karagany.B?

Trojan:Win32/Karagany.B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.