Malware

Should I remove “Fugrafa.214092”?

Malware Removal

The Fugrafa.214092 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Fugrafa.214092 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Writes to the spooler folder, potential vulnerability or printer driver install

How to determine Fugrafa.214092?



File Info:

name: E394D278A071876ADFBD.mlw
path: /opt/CAPEv2/storage/binaries/b56c3fb9948b8607f57e1400473d6d49f27c25e5eae437bc8e5cc44388107ef6
crc32: FC291AED
md5: e394d278a071876adfbd3d32c8ef3c13
sha1: dea10b5c30baef2cc6dc9135b244918942f120a0
sha256: b56c3fb9948b8607f57e1400473d6d49f27c25e5eae437bc8e5cc44388107ef6
sha512: eb598fb37a2f5c1f06a3411813869762683b116ff67d44a4ac1a8bd97ca41862145f37b1bffd81c49293c0b71124da12ff316baec7f8b9d84f0ae5771b2c7f5a
ssdeep: 6144:67c29yfuEBJby1ESP6s3oaaIqer4NPPdaS2WefFDjFyZtY6Ivm:F29yfuEjCBqerONaS2TFvonYXm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C2E46C19F685847BD02259389C1FEDB99025FAB41E18781772FD1F0C9FB9B826D2B183
sha3_384: 9fa1de1ac2f0d3fa47fe53c1d275553850abea71c4a82c808863cd855f59b8f8f7c20997744af2eca9b3892e833ec204
ep_bytes: 558bec83c4f0535657b86c574500e84d
timestamp: 1992-06-19 22:22:17


Version Info:

Translation: 0x0804 0x04b0
CompanyName: FREE
ProductName: 工程1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: 淘宝收藏精灵V1.2
OriginalFilename: 淘宝收藏精灵V1.2.exe

Fugrafa.214092 also known as:

BkavW32.AIDetect.malware2
MicroWorld-eScanGen:Variant.Fugrafa.214092
FireEyeGeneric.mg.e394d278a071876a
McAfeeGenericRXAP-KR!E394D278A071
CylanceUnsafe
VIPREGen:Variant.Fugrafa.214092
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 7000000f1 )
K7GWTrojan ( 7000000f1 )
Cybereasonmalicious.8a0718
SymantecDownloader
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Delf.OKR
APEXMalicious
ClamAVWin.Malware.Gofot-9942180-0
KasperskyTrojan.Win32.Inject.rzhm
BitDefenderGen:Variant.Fugrafa.214092
NANO-AntivirusTrojan.Win32.Inject.ehykej
AvastWin32:TrojanX-gen [Trj]
TencentMalware.Win32.Gencirc.10bc17d3
Ad-AwareGen:Variant.Fugrafa.214092
EmsisoftGen:Variant.Fugrafa.214092 (B)
ComodoTrojWare.Win32.Gofot.C@87fh3w
DrWebTrojan.Inject2.32153
ZillyaTrojan.FakeAV.Win32.71715
McAfee-GW-EditionBehavesLike.Win32.PWSLegMir.jt
Trapminemalicious.high.ml.score
SophosMal/Generic-S
IkarusTrojan.Win32.Spy
GDataGen:Variant.Fugrafa.214092
JiangminTrojan.Inject.tvs
AviraHEUR/AGEN.1218850
MAXmalware (ai score=86)
Antiy-AVLTrojan/Generic.ASMalwS.330C
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.Inject.C5191920
VBA32BScope.Trojan.Gofot
ALYacGen:Variant.Fugrafa.214092
MalwarebytesGeneric.Trojan.Malicious.DDS
RisingTrojan.Clicker!1.64DF (CLASSIC)
YandexTrojan.GenAsa!ojrS6F8zKKk
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Delf.OAY!tr
BitDefenderThetaGen:NN.ZelphiF.34806.QG3@amCal6eb
AVGWin32:TrojanX-gen [Trj]
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Fugrafa.214092?

Fugrafa.214092 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment