Graftor.127599 removal

Graftor.127599 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Graftor.127599 virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Accessed credential storage registry keys
  • Harvests cookies for information gathering

How to identify Graftor.127599?

File Info:

name: 0C364F52839C6DF43441.mlw
path: /opt/CAPEv2/storage/binaries/aed425dd1057e2f57584e4e839aebaac25f4cc5eea1c01a52f3685b19b7df978
crc32: B2893DFA
md5: 0c364f52839c6df4344196d1b5446844
sha1: fc050f6647764df8023a98d6865a5d5ff3f57a60
sha256: aed425dd1057e2f57584e4e839aebaac25f4cc5eea1c01a52f3685b19b7df978
sha512: 1b847c2a46f0d66ed1c647cbc1871358f54f763d6a4772b0c6616edc0a70f00308343f9782b246730ff8e113afbe68ade90c457d80e90bd403a4a14a00a2e10a
ssdeep: 98304:FrX1plYdsC0Hp78icwDHaoH+f4gPrJISbsbMwnEk8ir7ZWuoJxXSd3:p1pU0HC7wD6zHIM+kwd3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T192F523A27412D6E6E974DCB3780BD0F01A843CBECAC43129BCC9F35D51B15E1A667A1E
sha3_384: 072a4fb5a8260140f8938f5a6ce37de50ec2d63336b2b0d0612cbb935736edb7b2a3afacdbd4ad9c7ec27cc2d13e803d
ep_bytes: 60be000090008dbe0010b0ffc787183c
timestamp: 2014-01-14 16:43:00

Version Info:

FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

Graftor.127599 also known as:

Lionic: Trojan.Win32.Inject.m0Qg
Elastic: malicious (moderate confidence)
DrWeb: Trojan.InstallMonster.61
MicroWorld-eScan: Gen:Variant.Graftor.127599
FireEye: Generic.mg.0c364f52839c6df4
McAfee: Artemis!0C364F52839C
Cylance: Unsafe
VIPRE: Gen:Variant.Graftor.127599
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.2839c6
Arcabit: Trojan.Graftor.D1F26F
BitDefenderTheta: Gen:NN.ZelphiF.34698.wpNfaOBf1Kfk
VirIT: Trojan.Win32.Generic.BHMX
Cyren: W32/A-22247d38!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/InstallMonstr.BE potentially unwanted
APEX: Malicious
ClamAV: Win.Trojan.Agent-1124869
Kaspersky: HEUR:Trojan.Win32.Agent.gen
BitDefender: Gen:Variant.Graftor.127599
NANO-Antivirus: Trojan.Win32.InstallMonster.dbisaf
Avast: Win32:Injector-BPK [Trj]
Rising: Trojan.Generic!8.C3 (CLOUD)
Ad-Aware: Gen:Variant.Graftor.127599
Emsisoft: Gen:Variant.Graftor.127599 (B)
Comodo: ApplicUnwnt.Win32.Hoax.ArchSMS.AGH@59iugh
Zillya: Trojan.Inject.Win32.66246
McAfee-GW-Edition: BehavesLike.Win32.Virus.wc
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Jiangmin: Trojan/Inject.aqyy
Google: Detected
Avira: TR/Symmi.ola
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Generic.ASMalwS.77
Kingsoft: Win32.Troj.Inject.hl.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Gen:Variant.Graftor.127599
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.MDA.C500301
Acronis: suspicious
VBA32: TScope.Trojan.Delf
ALYac: Gen:Variant.Graftor.127599
Malwarebytes: PUP.Optional.InstallMonster
Tencent: Win32.Trojan.Agent.Vimw
Yandex: Riskware.Agent!oek/UjvIYGQ
Ikarus: Trojan.Win32.Malagent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.AYAG!tr
AVG: Win32:Injector-BPK [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Graftor.127599?

Graftor.127599 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.