
W32/Ganelp-C removal


W32/Ganelp-C is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the W32/Ganelp-C virus do?

  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Turkish
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Operates on local firewall’s policies and settings
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify W32/Ganelp-C?

File Info:

name: 2BD1959EEF138A79D9D7.mlw
path: /opt/CAPEv2/storage/binaries/bbb9d27b4e6a2ded05f4aefd88f624879d63dbb275982ead5404ed550619984e
crc32: 0962ECA6
md5: 2bd1959eef138a79d9d7c1dfbcff5d6e
sha1: 998f258fbf44a1ae80227c23055dd42cd82cea2b
sha256: bbb9d27b4e6a2ded05f4aefd88f624879d63dbb275982ead5404ed550619984e
sha512: 6953cc5d00dff3925b0e5cfd8ca7f7e5bcfb8c18e7cd7d68124f11a1344aa2ca40f09d62ac5f6c1725a099a46c70e3c36288d9de4f67a5618d63e32a62ccf140
ssdeep: 1536:kfvVte+7YkayZ+OttmxKLjWlSA8Zp5JAJjHSSRAQCkr2AF:kfvVteka8+OtAcKlSRz5ZSRBdr2AF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13B746C21F740C06EE0E242F5C5A64777BA782E306B0490F3D3F5B99E57792E6793068A
sha3_384: 592df518e226ab624d840b082de57a7494d577bc49659bde21a27276ff36d3b60549986e0220effb52ce9deca7d3e940
ep_bytes: 558bec6aff68e85742006834a8400064
timestamp: 2011-11-13 00:20:09

Version Info:

Comments:
CompanyName:
FileDescription:
FileVersion: 6.0.150.3
InternalName: jusched
LegalCopyright: Copyright © 2011
LegalTrademarks:
OriginalFilename: jusched
PrivateBuild: Sun Microsystems, Inc.
ProductName: Java(TM) Platform SE 6 U15
ProductVersion: 6.0.150.3
SpecialBuild:
Translation: 0x0000 0x04b0

W32/Ganelp-C is also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Trojan.GenericKDZ.82423
Skyhigh: PolyPatch-UPX
McAfee: PolyPatch-UPX
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Agent.Win32.183487
Sangfor: Suspicious.Win32.Save.ins
K7GW: Trojan ( 001f4ea51 )
K7AntiVirus: Trojan ( 004bcce41 )
Arcabit: Trojan.Generic.D141F7
Baidu: Win32.Trojan.Agent.dc
Symantec: SMG.Heur!gen
ESET-NOD32: a variant of Win32/Agent.SRG
APEX: Malicious
TrendMicro-HouseCall: TROJ_GEN.R03BC0CDN24
ClamAV: Win.Trojan.BankerSpy-1
Kaspersky: Worm.Win32.Juched.fhz
BitDefender: Trojan.GenericKDZ.82423
NANO-Antivirus: Trojan.Win32.Juched.fdykav
Avast: Win32:Dropper-GHV [Drp]
Tencent: Trojan.Win32.FakeFolder.uu
Emsisoft: Trojan.GenericKDZ.82423 (B)
Google: Detected
F-Secure: Trojan.TR/Buzy.416012
DrWeb: Trojan.Siggen3.24331
VIPRE: Trojan.GenericKDZ.82423
TrendMicro: TROJ_GEN.R03BC0CDN24
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.2bd1959eef138a79
Sophos: W32/Ganelp-C
SentinelOne: Static AI – Malicious PE
Jiangmin: Worm.Juched.ap
Webroot: W32.Worm.Ganelp
Varist: W32/Kryptik.LZQ.gen!Eldorado
Avira: TR/Buzy.416012
MAX: malware (ai score=86)
Antiy-AVL: Worm/Win32.Juched
Kingsoft: malware.kb.a.1000
Xcitium: Worm.Win32.Jushed.KA@4cysvx
Microsoft: Worm:Win32/Ganelp!atmnm
ZoneAlarm: Worm.Win32.Juched.fhz
GData: Trojan.GenericKDZ.82423
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Agent.C4537441
VBA32: Worm.Juched
ALYac: Trojan.GenericKDZ.82423
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Trojan.Agent!1.C135 (CLASSIC)
Ikarus: Trojan.Win32.Webprefix
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Agent.SRG!tr
BitDefenderTheta: Gen:NN.ZexaF.36804.vm1@aqPWeDpG
AVG: Win32:Dropper-GHV [Drp]
DeepInstinct: MALICIOUS
alibabacloud: Worm:Win/Ganelp

How to remove W32/Ganelp-C?

W32/Ganelp-C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
