Malware

Fugrafa.91210 removal guide

Malware Removal

The Fugrafa.91210 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Fugrafa.91210 virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • A named pipe was used for inter-process communication
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • A system process is generating network traffic likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

www.ip-adress.com

How to determine Fugrafa.91210?


File Info:

crc32: AE95F8B4
md5: 67d08af0f31a1e960704ac6bec529760
name: upload_file
sha1: 1985658e197be0420e2e2af816ecec6ecf66e627
sha256: 086e2ad8d9bd90c5b88b309f685a192f0d2501ea777f601af14b05dd4b92332f
sha512: 3239b37f6f7acdce5a91275c97b827d4f3649dddaad108f551d1a40067170130ee1f3cee99879801256f774650e564e8a3fe9f5236bf4708c062722f21d8034f
ssdeep: 6144:5lsm299C3mhn2nVvJNnzWoNE7Ar7R9dCH3HhHNthRHt1H5HP7CetSyc2SZ:Qmw9862nVBJ07M4ZcTZ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: xa9 Microsoft Corporation. All rights reserved.
InternalName: WmiApSrv.exe
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
CompanyName: Microsoft Corporation
ProductName: Microsoftxae Windowsxae Operating System
ProductVersion: 6.1.7600.16385
FileDescription: WMI Performance Reverse Adapter
OriginalFilename: WmiApSrv.exe
Translation: 0x0409 0x04b0

Fugrafa.91210 also known as:

BkavW32.AIDetectVM.malware1
Elasticmalicious (high confidence)
DrWebTrojan.Inject4.3769
MicroWorld-eScanGen:Variant.Fugrafa.91210
FireEyeGeneric.mg.67d08af0f31a1e96
CAT-QuickHealTrojanDownloader.Agent
McAfeeW32/PinkSbot-HC!67D08AF0F31A
CylanceUnsafe
SangforMalware
K7AntiVirusTrojan ( 005711321 )
BitDefenderGen:Variant.Fugrafa.91210
K7GWTrojan ( 005711321 )
Cybereasonmalicious.e197be
BitDefenderThetaGen:NN.ZexaF.34590.Gt1@aaK0Zidi
CyrenW32/Qbot.AA.gen!Eldorado
SymantecML.Attribute.HighConfidence
APEXMalicious
AvastWin32:BankerX-gen [Trj]
ClamAVWin.Malware.Generickdz-9781674-0
KasperskyTrojan-Downloader.Win32.Agent.xxzmrf
AlibabaTrojanDownloader:Win32/Qakbot.2c0e7dd1
AegisLabHacktool.Win32.Krap.lKMc
Ad-AwareGen:Variant.Fugrafa.91210
ComodoMalware@#3ntgaktmsrcpk
VIPRETrojan.Win32.Generic!BT
InvinceaMal/EncPk-APV
McAfee-GW-EditionW32/PinkSbot-HC!67D08AF0F31A
SophosMal/EncPk-APV
SentinelOneDFI – Malicious PE
eGambitPE.Heur.InvalidSig
AviraTR/AD.Qbot.vqxrb
MicrosoftTrojan:Win32/Qakbot.AR!MTB
ArcabitTrojan.Fugrafa.D1644A
ZoneAlarmTrojan-Downloader.Win32.Agent.xxzmrf
GDataWin32.Packed.QBot.A
Acronissuspicious
VBA32BScope.TrojanRansom.Shade
MAXmalware (ai score=87)
PandaTrj/GdSda.A
ESET-NOD32a variant of Win32/GenCBL.CZ
RisingMalware.Undefined!8.C (TFE:2:szhKj0LokFE)
IkarusTrojan-Spy.Agent
FortinetW32/Kryptik.HGXH!tr
AVGWin32:BankerX-gen [Trj]
Paloaltogeneric.ml
CrowdStrikewin/malicious_confidence_100% (W)
Qihoo-360Win32/Trojan.Downloader.992

How to remove Fugrafa.91210?

Fugrafa.91210 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment