W32/Ganelp-J malicious file

Malware Removal

W32/Ganelp-J is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the W32/Ganelp-J virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Turkish
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Operates on local firewall’s policies and settings
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify W32/Ganelp-J?

File Info:

name: 216A822615CA4CC81470.mlw
path: /opt/CAPEv2/storage/binaries/63ce830fb6aa79743a50374a0ece34570429f2d5c917207b3e347e19e3169153
crc32: 6A5F2594
md5: 216a822615ca4cc81470b29cb370b3a2
sha1: a3335d63ece838d9fd82f117721becb8ed0d878c
sha256: 63ce830fb6aa79743a50374a0ece34570429f2d5c917207b3e347e19e3169153
sha512: 2b582042af56d75704fd7e412f9f37720210d43cdb94c65aa51c69d028a5a01bbc2d666ee88d3f2f4da3e8b217272bdee43c42ed88020e110aa6246143bf2346
ssdeep: 1536:FrbX+9wrnFt4y7ygVpn0uv77P11gqu87YndB5uI1sbb+dRf:BXGwpSyGgLn0sP11gqkjuIKX+dRf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10A152A60E600C02AECE145BEC9A65B7ABD2C7A306B5550F3C3F8ED9DD32A5E1763054B
sha3_384: a0d744bd26eddfbd65931aa95d90e8579ededa7114f0a1e531ebd1e29ba27d509a9295a15676fbb5a7fd615a50c87071
ep_bytes: 558bec6aff68e878420068a4b1400064
timestamp: 1970-01-01 00:01:37

Version Info:

Comments:
CompanyName:
FileDescription:
FileVersion: 6.0.150.3
InternalName: jusched
LegalCopyright: Copyright © 2011
LegalTrademarks:
OriginalFilename: jusched
PrivateBuild: Sun Microsystems, Inc.
ProductName: Java(TM) Platform SE 6 U15
ProductVersion: 6.0.150.3
SpecialBuild:
Translation: 0x0000 0x04b0

W32/Ganelp-J also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Trojan.GenericKDZ.94578
FireEye: Generic.mg.216a822615ca4cc8
Skyhigh: PolyPatch-UPX
ALYac: Trojan.GenericKDZ.94578
Cylance: unsafe
Zillya: Trojan.Agent.Win32.3893376
Sangfor: Suspicious.Win32.Save.ins
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Worm:Win32/Ganelp.9ba6
K7GW: Trojan ( 001f4ea51 )
K7AntiVirus: Trojan ( 004bcce41 )
BitDefenderTheta: Gen:NN.ZexaF.36802.4m1@aaAVwGmG
VirIT: Trojan.Win32.Agent3.BKGI
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Agent.SRG
APEX: Malicious
TrendMicro-HouseCall: TROJ_GEN.R002C0DD124
Avast: Win32:Agent-APNJ [Trj]
ClamAV: Win.Trojan.BankerSpy-1
Kaspersky: UDS:Worm.Win32.Generic
BitDefender: Trojan.GenericKDZ.94578
NANO-Antivirus: Trojan.Win32.Juched.crgskg
Tencent: Worm.Win32.Juched.za
Sophos: W32/Ganelp-J
Baidu: Win32.Trojan.Agent.dc
F-Secure: Trojan.TR/Crypt.XPACK.Gen5
DrWeb: Trojan.Siggen3.51589
VIPRE: Trojan.GenericKDZ.94578
TrendMicro: TROJ_GEN.R002C0DD124
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKDZ.94578 (B)
MAX: malware (ai score=81)
Jiangmin: Worm.Generic.aohx
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/Crypt.XPACK.Gen5
Varist: W32/FakeFolder.W.gen!Eldorado
Antiy-AVL: Worm/Win32.Juched
Microsoft: Worm:Win32/Ganelp.G
Xcitium: Worm.Win32.Juched.DGH@4nfk1p
Arcabit: Trojan.Generic.D17172
ViRobot: Trojan.Win.Z.Juched.930385
ZoneAlarm: UDS:Worm.Win32.Generic
GData: Trojan.GenericKDZ.94578
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Agent.C4537441
McAfee: PolyPatch-UPX
VBA32: BScope.Worm.Juched
Malwarebytes: Generic.Malware.AI.DDS
Panda: Generic Malware
Rising: Trojan.Agent!1.C135 (CLASSIC)
Ikarus: Worm.Win32.Juched
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Agent.SRG!tr
AVG: Win32:Agent-APNJ [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Worm:Win/Ganelp

How to remove W32/Ganelp-J?

W32/Ganelp-J removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
