About “Fugrafa.164561” infection

Malware Removal

Fugrafa.164561 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Fugrafa.164561 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Creates a copy of itself

How to identify Fugrafa.164561?

File Info:

name: 557FD7447E40D3675146.mlw
path: /opt/CAPEv2/storage/binaries/d1167dc0ac3ef63fda7f3c1ef95fbb3d7e36fe3d586a213e1a3928393a17cde4
crc32: FDBEE269
md5: 557fd7447e40d367514652eeea6d5927
sha1: 50ac32520ec3344f2490e54e9fada9b648ccd20c
sha256: d1167dc0ac3ef63fda7f3c1ef95fbb3d7e36fe3d586a213e1a3928393a17cde4
sha512: 448c139bd659710a1e54af47cc91873752d108d5a90bca24cb9ec47a912087c1b9abf014ec2b3e4d0480187bb783ec1e4d70c985c12514af1b7f91be0485ccfc
ssdeep: 24576:zIIIjFIR2IqIfcIeIBImPU0907/jFt6/j/f1KI:0vjG3prNimPUnFtk/fM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T132956FBEBDDAC5AFEC9CC0B84679715684106F98DCA2696EDA723E9CC63C6CF1541C00
sha3_384: a989eacab109795c4fdbb41f568783537775a382332e22d800be7c933a98dff5f01ba234f33d16ded98310bdc86c524a
ep_bytes: 558bec6aff68f0b5460068069f460064
timestamp: 2021-07-18 20:50:31

Version Info:

Comments: http://www.the-sz.com/
CompanyName: the sz development
FileDescription: Parkdale
FileVersion: 3.01
InternalName: Parkdale
LegalCopyright: Copyright © 2001-2020
LegalTrademarks:
OriginalFilename: Parkdale.exe
PrivateBuild:
ProductName: the sz development Parkdale
ProductVersion: 3.01
SpecialBuild: The SZ
Translation: 0x0407 0x04b0

Fugrafa.164561 is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Fugrafa.164561
McAfee: GenericRXPI-ML!557FD7447E40
Sangfor: Trojan.Win32.Staser.gen
K7AntiVirus: Trojan ( 005821bd1 )
K7GW: Trojan ( 005821bd1 )
Cybereason: malicious.20ec33
Arcabit: Trojan.Fugrafa.D282D1
BitDefenderTheta: Gen:NN.ZexaF.34294.Zz0@aGmQyKEi
Cyren: W32/Kryptik.ERN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HLKD
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Staser.gen
BitDefender: Gen:Variant.Fugrafa.164561
SUPERAntiSpyware: Trojan.Agent/Gen-Staser
Avast: Win32:CrypterX-gen [Trj]
Ad-Aware: Gen:Variant.Fugrafa.164561
Emsisoft: Gen:Variant.Fugrafa.164561 (B)
F-Secure: Trojan.TR/Crypt.Agent.erlpl
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R067C0WGO21
McAfee-GW-Edition: BehavesLike.Win32.Tupym.tt
FireEye: Generic.mg.557fd7447e40d367
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Avira: TR/Crypt.Agent.erlpl
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Win32.Trojan.PSE.1IAKRUN
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R432764
ALYac: Gen:Variant.Fugrafa.164561
MAX: malware (ai score=87)
Malwarebytes: Adware.DownloadAssistant
TrendMicro-HouseCall: TROJ_GEN.R067C0WGO21
Rising: Malware.Heuristic!ET#86% (RDMK:cmRtazrfjNtCX4XqNd5O6OBl7asC)
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.73802172.susgen
Fortinet: W32/Kryptik.HLMN!tr
AVG: Win32:CrypterX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Fugrafa.164561?

Fugrafa.164561 removal steps (using GridinSoft Anti-Malware):
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.