Malware

Fugrafa.59920 malicious file

Malware Removal

The Fugrafa.59920 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Fugrafa.59920 virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • A named pipe was used for inter-process communication
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Performs some HTTP requests
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • A system process is generating network traffic likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

www.ip-adress.com

How to determine Fugrafa.59920?



File Info:

crc32: 9716F261
md5: ffa22a98e874d1cf6ad1f7ea7190a791
name: 5555555.png
sha1: 7775d71ab2d3a336a03d8d53f5af2adf3d2386a0
sha256: 2f48299f2ce008e5f51ab3499ce9ed70c36c23ad9aad3eac1c97d8b43e7c93e7
sha512: ada641c91411f4c6b718b5b1e116ba7711613f10e5a8375801a96ff420cb923275b178b1f7a9f17583490c98c009b46189138818f388c68ed72b53e3ab759d0b
ssdeep: 12288:r3K5J7dw7r97C7s7i7M93WbFYqILClwP7QrOrQkQTv/cmQ:r3K5J74aYredO8n2
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: Copyright (c) 2003-2016 Glarysoft Ltd
InternalName: Report.exe
FileVersion: 5, 0, 0, 6
CompanyName:  Glarysoft Ltd
ProductName: Glary Utilities
ProductVersion: 5, 0, 0, 1
FileDescription: Glarysoft Crash Report
OriginalFilename: CrashReport.exe
Translation: 0x0804 0x03a8

Fugrafa.59920 also known as:

BkavHW32.Packed.
MicroWorld-eScanGen:Variant.Fugrafa.59920
FireEyeGeneric.mg.ffa22a98e874d1cf
CylanceUnsafe
VIPRETrojan.Win32.Generic.pak!cobra
SangforMalware
K7AntiVirusRiskware ( 0040eff71 )
BitDefenderGen:Variant.Fugrafa.59920
CrowdStrikewin/malicious_confidence_100% (D)
SymantecML.Attribute.HighConfidence
APEXMalicious
GDataGen:Variant.Fugrafa.59920
RisingTrojan.Kryptik!1.C745 (RDMK:cmRtazpLfIxnFGWX8f3QZ5lBmRCf)
Ad-AwareGen:Variant.Fugrafa.59920
EmsisoftGen:Variant.Fugrafa.59920 (B)
Invinceaheuristic
Trapminemalicious.high.ml.score
SophosMal/EncPk-APV
eGambitPE.Heur.InvalidSig
MAXmalware (ai score=80)
Endgamemalicious (high confidence)
MicrosoftTrojan:Win32/Qakbot.AR!MTB
CynetMalicious (score: 100)
McAfeeW32/PinkSbot-GW!FFA22A98E874
VBA32BScope.TrojanRansom.Shade
ESET-NOD32a variant of Win32/Kryptik.HELU
SentinelOneDFI – Malicious PE
BitDefenderThetaGen:NN.ZexaF.34130.HK1@auJSbxlj
Qihoo-360HEUR/QVM19.1.2A5F.Malware.Gen

How to remove Fugrafa.59920?

Fugrafa.59920 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment