
How to remove “Graftor.115134”?

Malware Removal

Graftor.115134 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Graftor.115134 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Polish
  • Unconventional language used in binary resources: Polish
  • Authenticode signature is invalid

How to identify Graftor.115134?

File Info:

name: 51F9D31926FFB8FDB4F5.mlw
path: /opt/CAPEv2/storage/binaries/586dbe6d6a3266aecda4df229dc7bf2bfa5e954c3c480c2aa2484d7558602e1b
crc32: 61AFE6C7
md5: 51f9d31926ffb8fdb4f5b2599d23db6f
sha1: 082c8950323679d75bab41c0e9251c9f46a22255
sha256: 586dbe6d6a3266aecda4df229dc7bf2bfa5e954c3c480c2aa2484d7558602e1b
sha512: 332493308cb904904026a3a218350ae343afa0af16531b102397d37677d7e69755461fbc01e46e2318ff53df23f1637ea4d88b88b247ff04d717f01d51bbadc5
ssdeep: 6144:wbaXtTtdUqfSPjBSZx5WAkxKkXO3S/NyXnUrNMlFTs:wUZasZx59kXoXnU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12684F1627EA1907AE0A347BC410CD69BC736399D6F3945B733F3164A46336E08A25F2D
sha3_384: 881b99b45d248580f583846e0474080dad7c1dbf7b9b1cf54f2258ef155abdd2b595ac4ac807a09ec60a33dc9ab72fe4
ep_bytes: e8b92b0000e917feffff558bec83ec08
timestamp: 2013-09-18 14:48:45

Version Info:

CompanyName: Teetheach Corp.
FileDescription: Teetheach Cookage
FileVersion: 10.5.396.820
InternalName: subject-one.exe
LegalCopyright: Copyright © 2001-2011 Teetheach Corporation. All rights reserved.
OriginalFilename: subject-one.exe
ProductName: Teetheach Cookage
ProductVersion: 10.5.396.820
Thickgo: warmRepe
Translation: 0x0415 0x04b0

Graftor.115134 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.115134
FireEye: Generic.mg.51f9d31926ffb8fd
McAfee: PWSZbot-FGY!51F9D31926FF
Cylance: Unsafe
VIPRE: Gen:Variant.Graftor.115134
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Spyware ( 0055e3db1 )
K7GW: Spyware ( 0055e3db1 )
Cybereason: malicious.926ffb
VirIT: Trojan.Win32.Zyx.XR
Symantec: Trojan.Zbot
ESET-NOD32: Win32/Spy.Zbot.AAU
APEX: Malicious
ClamAV: Win.Trojan.Zbot-60269
Kaspersky: Trojan-Spy.Win32.Zbot.pvme
BitDefender: Gen:Variant.Graftor.115134
NANO-Antivirus: Trojan.Win32.Zbot.cqkmbk
SUPERAntiSpyware: Trojan.Agent/Gen-Zusy
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10c72290
Ad-Aware: Gen:Variant.Graftor.115134
TACHYON: Trojan-Spy/W32.ZBot.394752.U
Sophos: ML/PE-A + Troj/Zbot-GDU
Comodo: TrojWare.Win32.Agent.SDDF@52d7p8
DrWeb: Trojan.PWS.Panda.4379
Zillya: Trojan.Zbot.Win32.136731
McAfee-GW-Edition: PWSZbot-FGY!51F9D31926FF
Trapmine: suspicious.low.ml.score
Emsisoft: Gen:Variant.Graftor.115134 (B)
Ikarus: Trojan-PWS.Win32.Zbot
GData: Gen:Variant.Graftor.115134
Jiangmin: TrojanSpy.Zbot.duvi
Avira: TR/Spy.Zbot.xzefrs
Antiy-AVL: Trojan/Generic.ASMalwS.31
ViRobot: Trojan.Win32.Zbot.394752
Microsoft: PWS:Win32/Zbot
Cynet: Malicious (score: 100)
BitDefenderTheta: Gen:NN.ZexaF.34786.yq0@aq!jlFlG
ALYac: Gen:Variant.Graftor.115134
MAX: malware (ai score=80)
VBA32: TrojanSpy.Zbot
Rising: Trojan.Generic@AI.100 (RDML:2ZKBzk7EBfob/r3PKru4uA)
Yandex: TrojanSpy.Zbot!tZ5Qj02xIvQ
SentinelOne: Static AI – Malicious PE
Fortinet: W32/KRYPTIK.PDA!tr
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Graftor.115134?

Graftor.115134 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.