What is “Graftor.284329”?

Graftor.284329 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Graftor.284329 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Starts servers listening on 0.0.0.0:19730
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Network activity contains more than one unique useragent.
  • Attempts to modify proxy settings

How to identify Graftor.284329?

File Info:

name: 0198DB047D8BEE3A88A8.mlw
path: /opt/CAPEv2/storage/binaries/e241f2bd905857ef56879527ffaf27dd081c29ff89bf07953cf1e9916b381be5
crc32: BC2FC9B4
md5: 0198db047d8bee3a88a89c52dcb366f7
sha1: 93f0b9ffc9c709f871f5e35a78e6c76e3a464eab
sha256: e241f2bd905857ef56879527ffaf27dd081c29ff89bf07953cf1e9916b381be5
sha512: bada3d0a34c2d9fca400e9a705a8f5721593906574890cd05cd5de21e0d984cc584644942a496b8a72a8040605df16f4b66da90e3d1b78a8743a1d275434c9d6
ssdeep: 12288:9Dt4P+MGNnGw9/fU+Q4nCnss+gJXlTAdhoSsG:9uynZqx4/sfJ1U
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14D05DF8939ECE99BF90180329B71939A94F6C9468807351FA57C31CFBD40E934F896F9
sha3_384: f8c7780a8b88a25d0dc02d0c789842606dcc447801efd6f14f518e1c1942af9f3de434748fe897d8ca65844829194463
ep_bytes: f8eb04e862c49f60f9eb141c112830a1
timestamp: 2011-03-04 13:36:36

Version Info:

0: [No Data]

Graftor.284329 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.284329
FireEye: Generic.mg.0198db047d8bee3a
ALYac: Gen:Variant.Graftor.284329
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 700000041 )
Alibaba: Trojan:Win32/EncPk.d5269c57
K7GW: Trojan ( 700000041 )
Cybereason: malicious.47d8be
BitDefenderTheta: Gen:NN.ZexaF.34062.0qW@aOh!GRd
Cyren: W32/Trojan.CLL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
Paloalto: generic.ml
ClamAV: Win.Trojan.Blackhole-1425
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Graftor.284329
NANO-Antivirus: Trojan.Win32.Drop.doqcdp
Avast: Win32:Trojan-gen
Rising: Packer.Win32.Agent.f (CLASSIC)
Ad-Aware: Gen:Variant.Graftor.284329
Emsisoft: Gen:Variant.Graftor.284329 (B)
Comodo: Worm.Win32.Dropper.RA@1qraug
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Sality.cc
Sophos: Mal/EncPk-ADN
Ikarus: Trojan.Win32.Sasfis
MaxSecure: Trojan.Malware.300983.susgen
Avira: TR/Jord.xktw
Kingsoft: Win32.Troj.Generic.v.(kcloud)
Microsoft: Trojan:Win32/Dynamer!ac
GData: Gen:Variant.Graftor.284329
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: Flyagent.d
VBA32: BScope.Adware.Agent
Malwarebytes: Malware.AI.4200502447
APEX: Malicious
Yandex: Trojan.Jord!z0o+gkIHgrI
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_89%
Fortinet: W32/CoinMiner.BELF!tr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Graftor.284329?

Graftor.284329 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.