How to remove “Application.Graftor.970863”?

Application.Graftor.970863 is flagged as malicious or potentially unwanted by most of the engines listed further down this page. Gen:Variant.Application.Graftor is a generic, heuristic detection name produced by Bitdefender's engine; the vendors that license that engine (eScan, ALYac, VIPRE, Ad-Aware, Emsisoft, Arcabit in the list below) report the same name, so identical names there are one engine's verdict repeated, not independent confirmation, and the name identifies a heuristic match rather than a documented malware family. When this file is running, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and can damage the system if the wrong file or registry key is deleted. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
6-day free trial available.

What can Application.Graftor.970863 do?

The items below are the CAPE sandbox signatures that fired on the sample (static properties of the file plus behaviour observed during detonation). They describe what the file looks like and what it did in the sandbox, not a confirmed payload or campaign:

  • Behavioural detection: executable code extraction (unpacking)
  • Sample contains overlay data
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Presents an Authenticode digital signature
  • HTTPS URLs observed in behaviour
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Anomalous binary characteristics

Two of these belong together: the file carries a certificate table, but the signature does not verify, so it should be treated as unsigned. The packing, overlay data, unknown section name and Chinese-language resources are consistent with the FlyStudio packer that ESET and Antiy-AVL name in the detection list further down. The proxy-settings change and the self-copy are the two behaviours worth looking for on a machine where this file has run.

How to identify Application.Graftor.970863?

File Info:

name: 029E0EA8892D33E9F58C.mlw
path: /opt/CAPEv2/storage/binaries/64928b95ed923d62527441c7d553d64fe72dabc538d040cfa71858d7c3b5c3c4
crc32: 6CF9929B
md5: 029e0ea8892d33e9f58c00a4f2ab5857
sha1: ef637ea687f208f0c4929730df926117f611f550
sha256: 64928b95ed923d62527441c7d553d64fe72dabc538d040cfa71858d7c3b5c3c4
sha512: 6d5ead64f422995eb9dcea1d9505317bb4d4b4bfbd0f1315d2471bbc054538eabb024cb368a76341d4b853c3b24f8b77ec0cd2595e435b99458be52ef57fe573
ssdeep: 393216:u5sOBFPo3i14X9yNdQaDkH+PHQMBQqH1Vlg4BYAZw:ubBFA3W4GdjkH+PLfHFx1i
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E2E63322B86D41EBDD153D72ED244191219308F9A45ABCECFAEEFF94B61C34085EA50F
sha3_384: 64b66c3cb3c4225be5ab10e33e929358b9d391b4dbb670c415942ef67cbd92f1c49b6a56ca234462e67a6bf4b49db211
ep_bytes: 60be002091008dbe00f0aeff5783cdff
timestamp: 2019-04-30 07:28:57

Version Info:

0: [No Data]
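To check a file on disk against the indicators above, here is an added example in Python (standard library only; this is not code from the page, from GridinSoft or from CAPE). It computes the listed hashes, walks the PE32 headers to read the 16 bytes at the entry point and compares them with the ep_bytes value above, and reports whether a certificate table is present and whether data follows the last section (the "Authenticode signature" and "overlay data" signatures above). The entry bytes themselves, 60 BE imm32 / 8D BE disp32 / 57 / 83 CD FF (pushad; mov esi; lea edi,[esi+disp]; push edi; or ebp,-1), are the standard UPX x86 unpacker prologue, so the example also checks for that pattern with the variable operands masked out. Exact hashes only match this one sample; the PE image built by build_pe32() is constructed for the demonstration and is not the sample from the page, and the code does not validate the Authenticode signature.

```python
"""Check a file against the indicators listed in the section above.

Added example, not code from the original page, from GridinSoft or from CAPE.
Standard library only. IOC_HASHES and IOC_EP_BYTES are copied from File Info
above; the PE image returned by build_pe32() is constructed here for the demo.
"""
import hashlib
import struct
import zlib
from typing import Optional

IOC_HASHES = {  # copied from the File Info section above
    "md5": "029e0ea8892d33e9f58c00a4f2ab5857",
    "sha1": "ef637ea687f208f0c4929730df926117f611f550",
    "sha256": "64928b95ed923d62527441c7d553d64fe72dabc538d040cfa71858d7c3b5c3c4",
}
IOC_EP_BYTES = bytes.fromhex("60be002091008dbe00f0aeff5783cdff")  # ep_bytes above


def file_hashes(data: bytes) -> dict:
    """crc32/md5/sha1/sha256 in the same formatting the page uses."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def looks_like_upx_stub(ep: bytes) -> bool:
    """True if ep begins with the standard UPX x86 unpacker prologue:
    pushad; mov esi, imm32; lea edi, [esi+disp32]; push edi; or ebp, -1.
    The two 32-bit operands differ per file, so only the opcode bytes are compared."""
    return (len(ep) >= 16 and ep[0:2] == b"\x60\xbe" and ep[6:8] == b"\x8d\xbe"
            and ep[12:16] == b"\x57\x83\xcd\xff")


def pe_summary(data: bytes) -> Optional[dict]:
    """Minimal PE32 header walk: entry-point bytes, certificate table, overlay.
    Returns None for anything that is not a well-formed PE32 (no PE32+ support)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if opt_size < 136 or len(data) < opt + opt_size + 40 * num_sections:
        return None
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:  # PE32 magic (PE32+ is 0x20B)
        return None
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directory 4 = IMAGE_DIRECTORY_ENTRY_SECURITY; directories start at opt+96 in PE32.
    cert_off, cert_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    entry, last_raw_end = b"", 0
    for i in range(num_sections):
        hdr = opt + opt_size + i * 40
        va, raw_size, raw_ptr = struct.unpack_from("<III", data, hdr + 12)
        last_raw_end = max(last_raw_end, raw_ptr + raw_size)
        if va <= entry_rva < va + raw_size:  # map the entry RVA to a file offset
            entry = data[raw_ptr + (entry_rva - va):][:16]
    return {
        "entry_point_hex": entry.hex(),
        "upx_stub": looks_like_upx_stub(entry),
        # Presence of a certificate table only; whether it verifies is not checked here.
        "has_authenticode_dir": cert_off != 0 and cert_size != 0,
        "overlay_size": max(0, len(data) - last_raw_end),
    }


def check_sample(data: bytes) -> dict:
    """Combine exact-hash matching with the structural checks above."""
    hashes = file_hashes(data)
    pe = pe_summary(data)
    return {
        "hashes": hashes,
        "hash_match": any(hashes[k] == v for k, v in IOC_HASHES.items()),
        "ep_match": pe is not None and pe["entry_point_hex"] == IOC_EP_BYTES.hex(),
        "pe": pe,
    }


def build_pe32(entry_code: bytes, overlay: bytes = b"") -> bytes:
    """Constructed, non-runnable PE32 with one section; test data for this example only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)  # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)  # AddressOfEntryPoint (RVA)
    if overlay:  # point the security directory at the overlay, as a signed file would
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x400, len(overlay))
    sect = bytearray(40)
    sect[:4] = b"UPX1"
    struct.pack_into("<III", sect, 12, 0x1000, 0x200, 0x200)  # VA, SizeOfRawData, PointerToRawData
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(sect)
    return headers.ljust(0x200, b"\0") + entry_code.ljust(0x200, b"\0") + overlay


if __name__ == "__main__":
    import json
    print(json.dumps(check_sample(build_pe32(IOC_EP_BYTES, b"\x30" * 32)), indent=2))
```

On a real file, call check_sample(open(path, "rb").read()). A hash match is a definitive hit on this exact sample; upx_stub, has_authenticode_dir and overlay_size are only the same kind of weak static hints the sandbox reported, and a different build of the same program will change every hash while usually keeping those hints.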

Application.Graftor.970863 also known as:

Lionic: Trojan.Win32.Malicious.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Application.Graftor.970863
FireEye: Generic.mg.029e0ea8892d33e9
ALYac: Gen:Variant.Application.Graftor.970863
Malwarebytes: Generic.Crypt.Trojan.Malicious.DDS
VIPRE: Gen:Variant.Application.Graftor.970863
Alibaba: Malware:Win32/km_280646.None
Cybereason: malicious.687f20
Cyren: W32/Trojan.CLL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX: Malicious
BitDefender: Gen:Variant.Application.Graftor.970863
NANO-Antivirus: Trojan.Win32.Strictor.frreay
Ad-Aware: Gen:Variant.Application.Graftor.970863
Comodo: Malware@#29mz79kmr7dn4
F-Secure: Heuristic.HEUR/AGEN.1200855
Zillya: Trojan.Generic.Win32.849657
Emsisoft: Gen:Variant.Application.Graftor.970863 (B)
Google: Detected
Avira: HEUR/AGEN.1200855
Antiy-AVL: Trojan/Win32.FlyStudio.a
Arcabit: Trojan.Application.Graftor.DED06F
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C1773886
Acronis: suspicious
VBA32: Trojan.Wacatac
Yandex: Trojan.GenAsa!f+kuhOMYSYM

How to remove Application.Graftor.970863?

Application.Graftor.970863 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.
  • Because the sample attempts to modify proxy settings and creates a copy of itself, confirm after the restart that no unexpected proxy server or automatic configuration URL is still configured and that the quarantined file has not reappeared.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.