Graftor.112766 information

Malware Removal

Graftor.112766 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Graftor.112766 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Creates a copy of itself

How to identify Graftor.112766?

File Info:

name: E1A69FB653BBB1630BCA.mlw
path: /opt/CAPEv2/storage/binaries/21c344d0c29a39139a7d181ed28502a9a1eb2f02e788109e0765a37edf33b0b0
crc32: 08FD2111
md5: e1a69fb653bbb1630bcac29df206fe5b
sha1: 0be09a21482d3caa456b6332a790822a3a592f03
sha256: 21c344d0c29a39139a7d181ed28502a9a1eb2f02e788109e0765a37edf33b0b0
sha512: 3b9d712fbe16c1178744ab18d5a970e024542fb252b932c8fc50eebaebec737c5a3c86f2b25d2fb9caa38d58a2bdcd7a89418a96baef285d2d38099ce4f7cee7
ssdeep: 1536:2BTMoi+sdpjIG4pmTLrdS4TWG3EES4UXqIJxQjERg/m3WdlEgQP3mnAaN/J:2moQ2kHrdS4Tz3HKPQjERg+1tOnAaNx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DFA3BF41D909D57AF28D1B74983A8FB704C3BE1542B4863E35EE732F1BB33160899A4B
sha3_384: 95cee3a5f7d255d4f0fca0787444b8a16e9dd721b829ebbfa09acb598c8e77b8bd594f304cf63dd3c8f35bdaf4fedaac
ep_bytes: 558bec6aff68a4304000688c18400064
timestamp: 2010-08-12 03:31:58

Version Info:

CompanyName: Exeeeee Amooo,
FileDescription: auix
FileVersion: 5.2.600.3800
InternalName: Exbydo
LegalCopyright: misaly bym 1998-2009
OriginalFilename: incytygabl.exe
ProductName: imasi,
ProductVersion: 5.2.600.3800
Translation: 0x0409 0x04b0

Graftor.112766 also known as:

Bkav: W32.MassiveUsbG.Worm
Lionic: Worm.Win32.Generic.lzlW
Elastic: malicious (high confidence)
DrWeb: Win32.HLLW.Autoruner.44048
MicroWorld-eScan: Gen:Variant.Graftor.112766
FireEye: Generic.mg.e1a69fb653bbb163
CAT-QuickHeal: Trojan.Rimecud.U
ALYac: Gen:Variant.Graftor.112766
Cylance: Unsafe
VIPRE: Gen:Variant.Graftor.112766
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 0040f06e1 )
K7GW: Trojan ( 0040f06e1 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.34698.gm3@aW1T3Jci
Cyren: W32/Rimecud.AM.gen!Eldorado
Symantec: W32.Pilleuz!gen36
ESET-NOD32: a variant of Win32/Kryptik.AKNU
APEX: Malicious
TrendMicro-HouseCall: WORM_RIMECUD.SMI
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Graftor.112766
NANO-Antivirus: Trojan.Win32.Autoruner.crhask
Avast: Win32:MalPack-B [Trj]
Tencent: Win32.Trojan.Generic.Dtgl
Ad-Aware: Gen:Variant.Graftor.112766
Sophos: ML/PE-A + Troj/HkMain-CT
Comodo: TrojWare.Win32.Kryptik.AKNY@4qdtf7
TrendMicro: WORM_RIMECUD.SMI
McAfee-GW-Edition: PWS-Zbot.gen.aqm
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Graftor.112766 (B)
Jiangmin: Trojan/Generic.anorr
Webroot: W32.Malware.Gen
Google: Detected
Avira: TR/Crypt.XPACK.Gen7
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.24D
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Rimecud.A
GData: Gen:Variant.Graftor.112766
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Graftor.R36050
McAfee: PWS-Zbot.gen.aqm
VBA32: BScope.Trojan.Rimecud
Rising: Malware.Undefined!8.C (TFE:1:R1ETROZqFjT)
Yandex: Trojan.Kryptik!XYGpJRKFpfI
Ikarus: Virus.Win32.Cryptor
Fortinet: W32/Kryptik.AKNU!tr
AVG: Win32:MalPack-B [Trj]
Cybereason: malicious.653bbb
Panda: Trj/Genetic.gen

How to remove Graftor.112766?

Graftor.112766 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.