Graftor.22754 (B) malicious file

Graftor.22754 (B) is flagged as malicious by a large number of antivirus engines (see the detection list below). While the infection is active you may notice unfamiliar processes in Task Manager; note that this sample carries the version information of the Java Update Scheduler (jusched), so a familiar-looking process name is not proof that a process is legitimate. If you suspect an infection, scan the computer with GridinSoft Anti-Malware.

Removing PC viruses manually can take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for virus removal; it can run a complete scan and clean the PC during the trial period. A 6-day free trial is available.

What can the Graftor.22754 (B) virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Turkish
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Operates on local firewall’s policies and settings
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Graftor.22754 (B)?

File Info:

name: 4D06827590160C100CFE.mlw
path: /opt/CAPEv2/storage/binaries/1a6bfadbcb6b2b99bbb17c95bb04fe13517654fa0a602023daf242567a0d3270
crc32: CBFA040A
md5: 4d06827590160c100cfe90681311a4a5
sha1: bb480a738f06376ad3f59dbcb89cdbde6097c9e9
sha256: 1a6bfadbcb6b2b99bbb17c95bb04fe13517654fa0a602023daf242567a0d3270
sha512: 45ac70a42ff3afdfafdf5ab6881886a8473d4f3603af08a47dbdf9c6bb41022c50bad5140091ef077c02a302300639d403387fac8c5a8459e41acdf46857b676
ssdeep: 3072:ZxEEo75OnPSI09qgmBBAGKSvwlQ7aN24E:Zxdi5Onz2qgmB9Dwo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T119846B21F711C06AE4D141FEC6D74B76A59C6F301B1860E3D3E07EAA673A1EAF93054A
sha3_384: 6111b3127d717820a8bf7a2f7af934d87d0c2729da31908cb7f9b8cdbd082d62af6f2d8d34ba1c54979772815879cfd0
ep_bytes: 558bec6aff68d87742006840aa400064
timestamp: 2011-04-20 17:11:34
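Several of the static findings in the behaviour list above (overlay data, UPX compression, an unknown PE section name) and the hash values in File Info can be checked on your own copy of a suspect file before trusting a vendor label. The script below is an added example, not code from GridinSoft, CAPE or this page's author: it parses the PE headers with the Python standard library only, computes the same hash set, flags UPX and unknown section names plus any overlay, and compares the 16 bytes at the entry point with the `ep_bytes` value listed above. The `build_sample_pe()` input is a constructed stand-in (a minimal UPX-style PE32), not the Graftor binary, and `COMMON_SECTIONS` / `PACKER_SECTIONS` are my own lists rather than CAPE's.

```python
"""Static triage of a PE32 file against the indicators on this page.
Added example (not GridinSoft's, CAPE's or the page author's code); standard library only.
"""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the File Info section above.
KNOWN_HASHES = {
    "md5": "4d06827590160c100cfe90681311a4a5",
    "sha1": "bb480a738f06376ad3f59dbcb89cdbde6097c9e9",
    "sha256": "1a6bfadbcb6b2b99bbb17c95bb04fe13517654fa0a602023daf242567a0d3270",
}
KNOWN_EP_BYTES = bytes.fromhex("558bec6aff68d87742006840aa400064")

# Assumed lists (not CAPE's): names a stock linker emits, and names UPX emits.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".pdata", ".tls", ".bss", ".CRT"}
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".upx"}


def parse_pe(data: bytes) -> dict:
    """Return sections, entry-point bytes, overlay size and link timestamp."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                            # optional header
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    sections = []
    for i in range(nsect):                                     # 40-byte section headers
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vaddr": vaddr,
                         "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    # Map the entry-point RVA to a file offset through the section table.
    ep_bytes = b""
    for s in sections:
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            off = s["rawptr"] + (entry_rva - s["vaddr"])
            ep_bytes = data[off:off + 16]
            break
    # Overlay = bytes appended after the last section's raw data.
    end = max((s["rawptr"] + s["rawsize"] for s in sections), default=0)
    return {
        "sections": sections,
        "ep_bytes": ep_bytes,
        "overlay_size": max(0, len(data) - end),
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
    }


def triage(data: bytes) -> dict:
    """Reproduce the page's static checks: hash IoCs, UPX/unknown sections, overlay, EP."""
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    digests = {alg: hashlib.new(alg, data).hexdigest() for alg in KNOWN_HASHES}
    return {
        "hash_match": any(digests[a] == h for a, h in KNOWN_HASHES.items()),
        "upx_sections": sorted(n for n in names if n in PACKER_SECTIONS),
        "unknown_sections": sorted(n for n in names if n not in COMMON_SECTIONS | PACKER_SECTIONS),
        "has_overlay": pe["overlay_size"] > 0,
        "overlay_size": pe["overlay_size"],
        "ep_matches_page": pe["ep_bytes"] == KNOWN_EP_BYTES,
        "timestamp": pe["timestamp"],
    }


def build_sample_pe(overlay: bytes = b"") -> bytes:
    """Construct a minimal UPX-style PE32 as demo input (not the real sample)."""
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    sections = [(b"UPX0", 0x1000, 0x1000, 0, 0),
                (b"UPX1", 0x1000, 0x2000, 0x200, 0x400),
                (b".rsrc", 0x1000, 0x3000, 0x200, 0x600)]
    link_time = int(datetime(2011, 4, 20, 17, 11, 34, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), link_time, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                                      # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                      # Magic = PE32
    struct.pack_into("<I", opt, 16, 0x2000)                    # AddressOfEntryPoint -> UPX1
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0xE0000020)
                     for n, vs, va, rs, rp in sections)
    image = bytearray((bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x800, b"\0"))
    image[0x400:0x400 + len(KNOWN_EP_BYTES)] = KNOWN_EP_BYTES  # page's ep_bytes at the EP
    return bytes(image) + overlay


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(b"overlay-payload")
    for key, value in triage(blob).items():
        print(f"{key:18} {value}")
```

Run it as `python triage.py <file>` against a suspect binary; with no argument it triages the constructed sample. Only `hash_match` ties a file to this specific sample. UPX sections, an overlay and an odd section name are common in legitimate installers as well, so treat them as pivots for further analysis, not as a verdict.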

Version Info (the resource metadata imitates the Java Update Scheduler, jusched; compare with the invalid Authenticode signature noted above):

Comments:
CompanyName: Sun Microsystems, Inc.
FileDescription: Java(TM) Platform SE binary
FileVersion: 6.0.150.3
InternalName: jusched
LegalCopyright: Copyright © 2011
LegalTrademarks: Sun Microsystems, Inc.
OriginalFilename: jusched
PrivateBuild:
ProductName: Java(TM) Platform SE 6 U15
ProductVersion: 6.0.150.3
SpecialBuild:
Translation: 0x0000 0x04b0

Graftor.22754 (B) is also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Variant.Graftor.22754
FireEye: Generic.mg.4d06827590160c10
Skyhigh: PolyPatch-UPX
McAfee: PolyPatch-UPX
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Agent.Win32.143870
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 004bcce41 )
K7GW: Trojan ( 004bcce41 )
BitDefenderTheta: Gen:NN.ZexaF.36804.xm1@aavAcPhO
VirIT: Trojan.Win32.Agent3.KAJ
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Agent.SRG
APEX: Malicious
ClamAV: Win.Worm.Ganelp-6776766-0
Kaspersky: VHO:Worm.Win32.Convagent.gen
BitDefender: Gen:Variant.Graftor.22754
NANO-Antivirus: Trojan.Win32.Agent.cynaeu
Avast: Win32:Dropper-GHV [Drp]
Tencent: Trojan.Win32.FakeFolder.uu
Emsisoft: Gen:Variant.Graftor.22754 (B)
Baidu: Win32.Trojan.Agent.dc
F-Secure: Worm.WORM/Ganelp.azrea
DrWeb: Trojan.Proxy.19336
VIPRE: Gen:Variant.Graftor.22754
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Generic.adwgc
ALYac: Gen:Variant.Graftor.22754
Webroot: W32.Trojan.Gen
Varist: W32/Agent.OZTY-5861
Avira: WORM/Ganelp.azrea
Antiy-AVL: Trojan/Win32.Inject
Kingsoft: malware.kb.a.999
Microsoft: Worm:Win32/Ganelp.E
Xcitium: Worm.Win32.Jushed.KA@4cysvx
Arcabit: Trojan.Graftor.D58E2
ZoneAlarm: VHO:Worm.Win32.Convagent.gen
GData: Win32.Trojan.PSE.13IOJ08
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win.Juched.R644368
VBA32: Trojan.Proxy
Google: Detected
MAX: malware (ai score=87)
Cylance: unsafe
Panda: Generic Malware
Rising: Trojan.Agent!1.C135 (CLASSIC)
Ikarus: Worm.Win32.Juched
Fortinet: W32/Agent.TNE!tr
AVG: Win32:Dropper-GHV [Drp]
DeepInstinct: MALICIOUS
alibabacloud: Worm:Win/Ganelp

How to remove Graftor.22754 (B)?

Graftor.22754 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.
  • The behaviour list above shows that the sample drops and executes a second binary and modifies local firewall settings, so after quarantine confirm that the dropped file was removed as well and review the Windows Firewall rules and policies for changes you did not make.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
