Graftor.166405 removal

Graftor.166405 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Graftor.166405 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Arabic (Algeria)
  • Unconventional language used in binary resources: Lithuanian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)

How to identify Graftor.166405?

File Info:

name: D3FA27435523D7CD26E0.mlw
path: /opt/CAPEv2/storage/binaries/fe9137ba160a949593162306d182039c6d6d24941487fc991906e41512d9814b
crc32: B949139C
md5: d3fa27435523d7cd26e0619dd5a4fc07
sha1: 8b24712f0465703e73a02e1af8137d6ce2bea3a9
sha256: fe9137ba160a949593162306d182039c6d6d24941487fc991906e41512d9814b
sha512: d7f10b50ca0872aa4af31caa81efc23dbe499d00d953fbda73ff37068cc6ecf90fdb281187996c4450e59d9cfe6bd1578770ee9f4fa3a724d298c1bb34153f41
ssdeep: 3072:z7sii0xZV/XPxJcmY+biFUY8nBZLTvUNQJ:zoiiqfp9eUYQLTvWy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AFD38C137861B633C0550C31CCA087718F6EBC1E0578605B7F8D3A5FAD7D9968A2AB6E
sha3_384: 8121d12b9d87b76874c31ad46203f53a49684935b293c468aff40ffdf198321d2cb955b1cfcc2e250075e7d0b73b66d6
ep_bytes: e8062c0000e978feffff8bff558bec56
timestamp: 2014-12-08 18:19:32

Version Info:

CompanyName: Tv purple - www.Accident.com
FileDescription: Burst consonant hollow porch tape
FileVersion: 6.0.0.2
Internal Name: Accept.exe
Legal Trademarks: Accident
Original Filename: Accept.exe
ProductName: Accident
ProductVersion: 2.0
LegalCopyright: Copyright (C) Accident 2006-2013
Translation: 0x0401 0x04b0

Graftor.166405 also known as:

Lionic: Trojan.Win32.Agent.mfUU
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen6.25936
MicroWorld-eScan: Gen:Variant.Graftor.166405
FireEye: Generic.mg.d3fa27435523d7cd
CAT-QuickHeal: TrojanRansom.Crowti.A4
McAfee: Generic-FAVV!D3FA27435523
Cylance: Unsafe
Sangfor: Trojan.Win32.Injector.BQYF
K7AntiVirus: Trojan ( 0055e3991 )
Alibaba: VirTool:Win32/Injector.b1cdc185
K7GW: Trojan ( 0055e3991 )
Cybereason: malicious.35523d
BitDefenderTheta: Gen:NN.ZexaF.34212.iq0@ai8Oeqlc
Cyren: W32/Rovnix.A.gen!Eldorado
Symantec: Trojan.Zbot
ESET-NOD32: a variant of Win32/Injector.BQYF
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Graftor.166405
NANO-Antivirus: Trojan.Win32.Yakes.dkjbzx
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
Avast: Win32:Androp [Drp]
Tencent: Win32.Trojan.Generic.Wtdq
Ad-Aware: Gen:Variant.Graftor.166405
Sophos: Troj/Inject-BHP
Comodo: Malware@#aiidzlds5y2y
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_YAKES.DUKMQ
McAfee-GW-Edition: BehavesLike.Win32.Dropper.cc
Emsisoft: Gen:Variant.Graftor.166405 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan/Yakes.pde
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1242683
Antiy-AVL: Trojan/Generic.ASMalwS.D4DA04
Microsoft: VirTool:Win32/Injector.EY
ViRobot: Trojan.Win32.Agent.115200.AG
GData: Gen:Variant.Graftor.166405
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Injecter.R127896
VBA32: Trojan.Yakes
ALYac: Gen:Variant.Graftor.166405
MAX: malware (ai score=81)
Malwarebytes: Trojan.Agent.DED
TrendMicro-HouseCall: TROJ_YAKES.DUKMQ
Rising: Trojan.Win32.Generic.17DD8CB0 (C64:YzY0Ot8Y09/Eu8Qr)
Yandex: Trojan.Yakes!cLxRhbxCtuo
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.BQYF!tr
Webroot: W32.Backdoor.Gen
AVG: Win32:Androp [Drp]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Graftor.166405?

Graftor.166405 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.