Fugrafa.43972 removal guide

Fugrafa.43972 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Fugrafa.43972 virus do?

  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Uses Windows utilities for basic functionality
  • Executed a command line with /V argument which modifies variable behaviour and whitespace allowing for increased obfuscation options
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Turkish
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Deletes executed files from disk

How to identify Fugrafa.43972?

File Info:

name: 4371AF481D6A0EA63014.mlw
path: /opt/CAPEv2/storage/binaries/3df736b8e26821b3b43ffb31022511c3c9dc29a34d922047af2bec4fc5b294d2
crc32: CD9101F3
md5: 4371af481d6a0ea630145dbc55b3045f
sha1: efbb5530d4205c9412e68ec7e982d8b3b3ccf462
sha256: 3df736b8e26821b3b43ffb31022511c3c9dc29a34d922047af2bec4fc5b294d2
sha512: 3613b4bc82f380b43c3fa8f77c7f854f53f2e582de24e55b8c7f18fee4eb45bae166665bcc034f9a043b6c4c71c34aaf5de6a0c5180f13602764ea7e9988dd6d
ssdeep: 49152:nED1olSMi7pisZ2TWNkV4uGVYjVShp9plJfgrb:nED6DLswTgA8VwYJO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CD950221E685C537E1B31A3C8C2BB3D55929FD012A344A0ABFF85E8D2D351C2F669397
sha3_384: edcf5feda55ef3966d6ceaa7505dd1bd501afddfbc4651bbbd77b9dffa879b5e330eb6a633d616456847eebc3f914125
ep_bytes: 558becb90e0000006a006a004975f953
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Fugrafa.43972 also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Gen:Variant.Fugrafa.43972
FireEye: Generic.mg.4371af481d6a0ea6
CAT-QuickHeal: Trojan.Buzus.9827
McAfee: GenericRXHK-BY!4371AF481D6A
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Variant.Fugrafa.43972
K7AntiVirus: Spyware ( 005480c71 )
K7GW: Spyware ( 005480c71 )
CrowdStrike: win/malicious_confidence_90% (D)
VirIT: Trojan.Win32.Generic.AGVF
Symantec: Trojan.Gen
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Spy.Swisyn.DO
APEX: Malicious
ClamAV: Win.Packed.Generickdz-9948392-0
Kaspersky: Trojan.Win32.Agent.aiaib
BitDefender: Gen:Variant.Fugrafa.43972
NANO-Antivirus: Riskware.Win32.NeoSpy.cvnah
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.13d40e4b
Emsisoft: Gen:Variant.Fugrafa.43972 (B)
F-Secure: Trojan.TR/Dropper.Gen2
DrWeb: Trojan.PWS.Webmonier.811
Zillya: Trojan.Swisyn.Win32.20501
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A
GData: Gen:Variant.Fugrafa.43972
Jiangmin: TrojanSpy.Webmoner.zv
Google: Detected
Avira: TR/Dropper.Gen2
Antiy-AVL: Trojan[Monitor]/Win32.NeoSpy
Xcitium: Suspicious@#wiocvywysugf
Arcabit: Trojan.Fugrafa.DABC4
ZoneAlarm: Trojan.Win32.Agent.aiaib
Microsoft: Trojan:Win32/Dorv.D!rfn
Cynet: Malicious (score: 99)
BitDefenderTheta: Gen:NN.ZelphiF.36318.7HW@aCFYodoO
ALYac: Gen:Variant.Fugrafa.43972
MAX: malware (ai score=89)
VBA32: BScope.Trojan.Buzus
Panda: Trj/CI.A
Rising: Backdoor.Androme!8.10FC6 (TFE:4:VtBAZFzOODK)
Yandex: Trojan.GenAsa!7DTfSxXtY2w
Ikarus: Virus.Win32.DelfInject
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/NeoSpy
AVG: Win32:Trojan-gen
Cybereason: malicious.81d6a0
DeepInstinct: MALICIOUS

How to remove Fugrafa.43972?

Fugrafa.43972 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.