Adware.Graftor.290828 (B) (file analysis)

The Adware.Graftor.290828 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Adware.Graftor.290828 (B) virus can do?

Presents an Authenticode digital signature
A process attempted to delay the analysis task.
Reads data out of its own binary image
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Queries information on disks, possibly for anti-virtualization

Related domains:

z.whorecord.xyz

a.tomx.xyz

query.run456.com

How to determine Adware.Graftor.290828 (B)?


File Info:
crc32: 2F9D184A
md5: c9a2b6eb0bad24d2112483dae769c1e6
name: Gamestart.exe
sha1: ff192268ae530c5e63df02390b640c73d0b9e466
sha256: 906e9402b06f47c346effaf710da6df1e36d227bca089fbe4826cf58dca6aa00
sha512: 00e4bd9e9a5221e8a8e71b35a577b4f8c26afdc57c11ebaf3904f587f92fc8593b57648d0b97db40642c4f990dc8ac5c7593b0f3e94d87952e4aed0d600cd5ee
ssdeep: 24576:uKUNEataQ7CxaOvEBgCWC1TVQ93z3iA+bquoOsEW0O39sLdNmvmTiQ6BESmiy++:PeEa9CdC1TVQHaDONsLdNlTiQkESnA
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright (C) 2015
InternalName: x6e38x620fx5b89x88c5x7a0bx5e8f
FileVersion: 2.3.0.367
ProductName: x6e38x620fx5b89x88c5x7a0bx5e8f
ProductVersion: 2.3.0.367
FileDescription: x6e38x620fx5b89x88c5x7a0bx5e8f
OriginalFilename: setup.exe
Translation: 0x0804 0x04b0

Adware.Graftor.290828 (B) also known as:

MicroWorld-eScan	Gen:Variant.Adware.Graftor.290828
FireEye	Generic.mg.c9a2b6eb0bad24d2
ALYac	Gen:Variant.Adware.Graftor.290828
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Adware ( 00561ec01 )
BitDefender	Gen:Variant.Adware.Graftor.290828
K7GW	Adware ( 00561ec01 )
Cybereason	malicious.b0bad2
TrendMicro	TROJ_GEN.R002C0PHJ19
Symantec	ML.Attribute.HighConfidence
TrendMicro-HouseCall	TROJ_GEN.R002C0PHJ19
Avast	Win32:Adware-gen [Adw]
ClamAV	Win.Malware.Agent-6369865-0
GData	Gen:Variant.Adware.Graftor.290828
Kaspersky	not-a-virus:AdWare.Win32.Kuaiba.bpd
Alibaba	AdWare:Win32/Kuaiba.1dd5e0d8
NANO-Antivirus	Riskware.Win32.Kuaiba.esyjzv
ViRobot	Adware.Kuaiba.1721848
AegisLab	Adware.Win32.Kuaiba.2!c
APEX	Malicious
Ad-Aware	Gen:Variant.Adware.Graftor.290828
Sophos	Generic PUA PP (PUA)
Comodo	ApplicUnwnt@#a49tfbe7qgww
F-Secure	Adware.ADWARE/Kuaiba.ygcus
DrWeb	Trojan.DownLoader25.38574
Zillya	Adware.KuaibaCRTD.Win32.960
Invincea	heuristic
McAfee-GW-Edition	GenericRXES-JZ!C9A2B6EB0BAD
Emsisoft	Gen:Variant.Adware.Graftor.290828 (B)
SentinelOne	DFI – Suspicious PE
Cyren	W32/Adware.DHPJ-4181
Jiangmin	AdWare.Kuaiba.bf
Webroot	W32.Adware.Gen
Avira	ADWARE/Kuaiba.ygcus
MAX	malware (ai score=99)
Antiy-AVL	Trojan/Win32.BTSGeneric
Endgame	malicious (high confidence)
Arcabit	Trojan.Adware.Graftor.D4700C
ZoneAlarm	not-a-virus:AdWare.Win32.Kuaiba.bpd
Microsoft	PUA:Win32/Kuaiba
McAfee	GenericRXES-JZ!C9A2B6EB0BAD
VBA32	Trojan.Downloader
Panda	Trj/CI.A
ESET-NOD32	a variant of Win32/Adware.Kuaiba.L
Rising	Malware.Generic.5!tfe (CLOUD)
Yandex	PUA.Kuaiba!
eGambit	Unsafe.AI_Score_99%
Fortinet	Riskware/Kuaiba
AVG	Win32:Adware-gen [Adw]
Paloalto	generic.ml
MaxSecure	Trojan.Malware.11379019.susgen

How to remove Adware.Graftor.290828 (B)?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Adware.Graftor.290828 (B) (file analysis)