How to remove “Fugrafa.3207 (B)”?

Fugrafa.3207 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a full scan and cleanup of your PC.
6-day free trial available.

What can the Fugrafa.3207 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to identify Fugrafa.3207 (B)?

File Info:

name: 403FED9C2B1EBB793801.mlw
path: /opt/CAPEv2/storage/binaries/eec8973c21d540f7c1776afb0b7d2504f52bd407258933b542715d5e05fa929d
crc32: 092C13DC
md5: 403fed9c2b1ebb79380152ffe269f199
sha1: 6a57c03f3d0013a7ab6f670b5feb25108b2b665c
sha256: eec8973c21d540f7c1776afb0b7d2504f52bd407258933b542715d5e05fa929d
sha512: c6136da4ef0a2631b9c960424c3a4b2c6762dc88a3b8dc8c32eea3d712477eafb8939e4b320c514a22219cb6f716539dfa5914d14d269a876f429edc611480dd
ssdeep: 1536:17PvnKhWQtC3Izj6TrlDa2z6Ewd0zvPTQw9LBZRQ8V3zhb:FPvKztiIzj6xtDLBZRQ8Vj5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T132937E00F6D698B0EC95367000EB6BB7C1BA9D61120B0BB36F64CE6B38725B9BD35417
sha3_384: 3cac60eda370d6fdada35d9bd2fd9e2fbf6e02599aaa28bbeade77b5a443e8ed38493f29123c0ab028c458c0854ebbb9
ep_bytes: 558bec6aff689011151368dacf151364
timestamp: 2012-07-19 19:00:28

Version Info:

Comments: 1.5901.1.195
CompanyName: 网龙天晴数码
FileDescription: 网络游戏魔域客户端执行程序
FileVersion: 1, 5901, 1, 195
InternalName: soul.exe
LegalCopyright: 版权所有 (C) 2002
LegalTrademarks:
OriginalFilename: 魔域.exe
PrivateBuild:
ProductName: 魔域客户端执行程序
ProductVersion: 1, 0, 0, 1
SpecialBuild:
Translation: 0x0804 0x04b0

Fugrafa.3207 (B) also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoad3.17387
ClamAV: Win.Dropper.Gh0stRAT-7645027-0
FireEye: Generic.mg.403fed9c2b1ebb79
CAT-QuickHeal: Trojan.OnLineGames.S8257
McAfee: PWS-FCGX!403FED9C2B1E
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.357750
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0047d1d01 )
K7GW: Trojan ( 0047d1d01 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.34114.fm0@aqyqiEgb
VirIT: Trojan.Win32.Generic.OTW
Symantec: SMG.Heur!gen
ESET-NOD32: Win32/Farfli.AAG
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Scar.otbk
BitDefender: Gen:Variant.Fugrafa.3207
NANO-Antivirus: Trojan.Win32.DownLoad3.brmnhb
MicroWorld-eScan: Gen:Variant.Fugrafa.3207
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b0c50c
Ad-Aware: Gen:Variant.Fugrafa.3207
Sophos: ML/PE-A + Troj/FarFli-DA
Comodo: TrojWare.Win32.Farfli.S@6jgvla
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.nt
Emsisoft: Gen:Variant.Fugrafa.3207 (B)
Ikarus: Trojan-Spy.Win32.Small
GData: Gen:Variant.Fugrafa.3207
Jiangmin: Trojan.Generic.aakuc
Webroot: W32.Trojan.Gen
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Win32.Unknown
Microsoft: Trojan:Win32/OnLineGames.A
AhnLab-V3: Trojan/Win32.Gen
Acronis: suspicious
VBA32: BScope.Trojan.Download
ALYac: Gen:Variant.Fugrafa.3207
MAX: malware (ai score=80)
Malwarebytes: Malware.AI.295672925
APEX: Malicious
Rising: Trojan.Farfli!8.FF (RDMK:cmRtazouM8joNNn14NF/nUd2+R6M)
Yandex: Trojan.GenAsa!HZb9oIoHoh0
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic.AAG!tr
AVG: Win32:Malware-gen
Cybereason: malicious.c2b1eb
Panda: Trj/Genetic.gen

How to remove Fugrafa.3207 (B)?

Fugrafa.3207 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.