How to remove “Graftor.372788”?

Graftor.372788 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Graftor.372788 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Attempts to modify proxy settings

How to determine Graftor.372788?

File Info:

name: 218BEE7665ACC038F8E2.mlw
path: /opt/CAPEv2/storage/binaries/bb7a8b8c4c139041a90b75ac5c8fd80b2f17dbaffbba49510308d04d34187b03
crc32: 25075707
md5: 218bee7665acc038f8e2d6fc354305d6
sha1: 77db8574881745ca8808acd2e62a71e5b3405552
sha256: bb7a8b8c4c139041a90b75ac5c8fd80b2f17dbaffbba49510308d04d34187b03
sha512: 739d8a93045579be3cd89b138eeec6f735d13c797d4c6cafd4e3304ca4d6424708f307f677cf255320035d133ae00075f1bf5c5bbd3586d8de001d676f23ca00
ssdeep: 24576:n5vl+BvE3MBfOSsWyFMo+dF7vFpYMYi2bbxpIf:n5U+MYWyqoaL4lpk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A855C012F692C0F2D606217025B6273AEE79DA650A658BC3E394DE7CDC33690DE3711E
sha3_384: 780ddf811b04ce54ddce82abe5ede7d23a9c5fc5aa2deb696a8145ceff99e903ed28b278e54eedfc7dc2b5fa490b8dd9
ep_bytes: 558bec6aff6810d05200683430490064
timestamp: 2022-01-10 05:10:55

Version Info:

FileVersion: 1.0.0.0
FileDescription: 倒影QQ3027162475
ProductName: 验证通杀器-倒影
ProductVersion: 1.0.0.0
CompanyName: 倒影
LegalCopyright: 倒影QQ3027162475
Comments: 倒影QQ3027162475
Translation: 0x0804 0x04b0

Graftor.372788 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Graftor.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.372788
FireEye: Generic.mg.218bee7665acc038
CAT-QuickHeal: Hacktool.Flystudio.16559
ALYac: Gen:Variant.Graftor.372788
Cylance: Unsafe
Sangfor: Trojan.Win32.Sabsik.FL
K7AntiVirus: Trojan ( 005246d51 )
BitDefender: Gen:Variant.Graftor.372788
K7GW: Trojan ( 005246d51 )
CrowdStrike: win/malicious_confidence_70% (D)
BitDefenderTheta: Gen:NN.ZexaF.34182.vr0@aaUPlPdb
Cyren: W32/S-480dd005!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
TrendMicro-HouseCall: TROJ_GEN.R002H0CB222
ClamAV: Win.Malware.Generic-9820446-0
Rising: Malware.Heuristic!ET#96% (RDMK:cmRtazoDQRYSFlI7ruDeNHuaGnD+)
Emsisoft: Gen:Variant.Graftor.372788 (B)
Comodo: Worm.Win32.Dropper.RA@1qraug
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Antiy-AVL: Trojan/Generic.ASCommon.FA
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Gen:Variant.Graftor.372788
Cynet: Malicious (score: 100)
McAfee: Artemis!218BEE7665AC
MAX: malware (ai score=86)
VBA32: BScope.Trojan.Fuerboos
Malwarebytes: Trojan.MalPack.FlyStudio
APEX: Malicious
Ikarus: PUA.BlackMoon
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.65CA!tr
AVG: Win32:Malware-gen
Cybereason: malicious.665acc
Avast: Win32:Malware-gen

How to remove Graftor.372788?

Graftor.372788 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.