graphdriver.exe

Assertrix

Eric Lawrence

The executable graphdriver.exe has been detected as malware by 33 of 68 anti-virus scanners. It is configured to start automatically whenever a user logs into Windows, via the current-user Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the display name 'Sterowniki'.
Publisher:
Hypocone0 (signed by Eric Lawrence)

Product:
Assertrix

Description:
larnaudian

Version:
6.09.0009

MD5:
173f854eb7f38125ea853a517a2999d8

SHA-1:
4de238e675a8adce5e4b40801ab83ed4a2fee8aa

SHA-256:
70ba980183df51d0615bbe804a7746a974e0fc140927d2dd34cf98b6f4753b0e

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/25/2024 2:37:29 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Heur.JVD.4 | 360
Agnitum Outpost | Trojan.Neurevt | 7.1.1
AhnLab V3 Security | Trojan/Win32.MDA | 2015.08.30
Avira AntiVirus | TR/VB.Downloader.1175 | 8.3.2.2
Arcabit | Trojan.JVD.4 | 1.0.0.425
avast! | Win32:Malware-gen | 2014.9-160209
AVG | SHeur4 | 2017.0.2838
Baidu Antivirus | Trojan.Win32.Neurevt | 4.0.3.1629
Bitdefender | Gen:Heur.JVD.4 | 1.0.20.200
Comodo Security | UnclassifiedMalware | 23114
Dr.Web | Trojan.Betabot.3 | 9.0.1.040
Emsisoft Anti-Malware | Gen:Heur.JVD | 8.16.02.09.05
ESET NOD32 | Win32/Neurevt | 10.12172
Fortinet FortiGate | W32/Injector.BWAN!tr | 2/9/2016
F-Secure | Gen:Heur.JVD.4 | 11.2016-09-02_3
G Data | Gen:Heur.JVD | 16.2.25
IKARUS anti.virus | Trojan.Win32.Neurevt | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.2017054
Kaspersky | Trojan.Win32.Neurevt | 14.0.0.686
Malwarebytes | Trojan.EDVBGen | v2016.02.09.05
McAfee | PWSZbot-FAHG!173F854EB7F3 | 5600.6494
Microsoft Security Essentials | Trojan:Win32/Neurevt.C | 1.1.12002.0
MicroWorld eScan | Gen:Heur.JVD.4 | 17.0.0.120
NANO AntiVirus | Trojan.Win32.Neurevt.dlmrvq | 0.30.24.3283
nProtect | Trojan/W32.Neurevt.208648 | 15.08.28.01
Panda Antivirus | Trj/Genetic.gen | 16.02.09.05
Qihoo 360 Security | Win32/Trojan.ce2 | 1.0.0.1015
Quick Heal | VirTool.VBInject.LE3 | 2.16.14.00
Sophos | Mal/Generic-S | 4.98
Trend Micro | TROJ_GEN.R002C0CHM15 | 10.465.09
Vba32 AntiVirus | Trojan.Neurevt | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 43302
Zillya! Antivirus | Trojan.Neurevt.Win32.762 | 2.0.0.2379

File size:
203.8 KB (208,648 bytes)

Product version:
6.09.0009

Copyright:
Poquelin6

Trademarks:
blemishing

Original file name:
euphrasy.exe

File type:
Executable application (Win32 EXE)

Language:
Italian (Italy) (reported as "Wloski (Wlochy)")

Common path:
C:\users\{user}\appdata\roaming\sterowniki graficzne\graphdriver.exe

Digital Signature
Signed by:
Eric Lawrence
Authority:
COMODO CA Limited

Valid from:
1/19/2012 1:00:00 AM

Valid to:
1/19/2015 12:59:59 AM

Subject:
CN=Eric Lawrence, O=Eric Lawrence, STREET=15724 NE 53rd Street, L=Redmond, S=WA, PostalCode=98052, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6D398872131657667B476252BA58C3F3

File PE Metadata
Compilation timestamp:
12/27/2014 8:02:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:dRtx15pdI6d/osR8t2tTl9NKvTAhDgOsslOth9iCOPLpjtYK0+9+e+s+0+0aSqM1:L/RBR8YBlwTAhD+GGHqmdw

Entry address:
0x127C

Entry point:
68, 98, 92, 42, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, F7, AB, B0, 31, 49, 5B, 1B, 48, 9C, 5C, A4, 45, A4, 5F, 03, A9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 31, 42, 2D, 41, 46, 43, 4D, 61, 6E, 72, 6F, 6F, 74, 00, 00, 00, 00, 00, FF, CC, 31, 00, 05, 0C, 50, 32, 22, 75, C9, 1A, 45, A5, 4F, E7, 29, 31, 38, FC, F9, CE, 0B, F6, 61, F6, 5B, BE, 45, B2, 26, 4A, 7E, 18, B4, 0E, 7B, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
188 KB (192,512 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Sterowniki

Command:
"C:\users\{user}\appdata\roaming\sterowniki graficzne\graphdriver.exe"
Remove graphdriver.exe - Powered by Reason Core Security