Graftor.483212 malicious file

Graftor.483212 is flagged as malicious by most of the antivirus engines listed further down this page. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Graftor.483212 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Portuguese (Brazil)
  • Unconventional language used in binary resources: Arabic (Libya)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)

How to identify Graftor.483212?

File Info:

name: 2F4594588D23D967F302.mlw
path: /opt/CAPEv2/storage/binaries/d1c0ca25036e44e48508686a7be9308cfe14f19601f7bbf6bb1746e7664ffd40
crc32: C736092D
md5: 2f4594588d23d967f302f99cc35513f9
sha1: 5ce59e21a5ee11061b35c8480187823b8f86791d
sha256: d1c0ca25036e44e48508686a7be9308cfe14f19601f7bbf6bb1746e7664ffd40
sha512: 16a8ca837808e211acefd07403a237b6fcc5e14de3b602ff2213f14ae5e613b298ddb78be47ad6512a7ef6acfe267bad700579ba649376eea3124e37b27412cb
ssdeep: 12288:K/pTw9gmqEBHSUMMqZJmULknou16cjwrv83mIZ/MEvD5f3rPGnmznlEp9TEhcMlE:UT2HqXUMMqZAUqou16ci83m6/MuN3rui
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D0E4232DC3C50E66E16F4B3F65BE5B508129F5194A4C62D3E15E28A7B7002D217F8BCB
sha3_384: 3b90e7dfda3f683d7d2d75ef32dbd5584f443cfc1937bacc45fafaa93b7a376cb5eb5b32a1bb625039ef5ef3f70bba89
ep_bytes: 6848000000680000000068eca24000e8
timestamp: 2018-10-29 19:04:24
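To check a suspect file against the File Info block above, the following script, added here as an example and not part of the original page, of CAPE or of GridinSoft, computes the same digests, walks the PE32 header with the Python standard library only, recovers the compile timestamp, the first 16 entry-point bytes (ep_bytes) and the section names, and flags section names outside a conventional set. The KNOWN_SECTIONS list and the stand-in PE produced by build_sample_pe() are assumptions made for the example; the stand-in only reproduces the page's entry-point bytes and timestamp, so its hashes do not match the real sample.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Hashes and entry-point bytes published in the File Info block (lowercase hex).
IOC_HASHES = {
    "md5": "2f4594588d23d967f302f99cc35513f9",
    "sha1": "5ce59e21a5ee11061b35c8480187823b8f86791d",
    "sha256": "d1c0ca25036e44e48508686a7be9308cfe14f19601f7bbf6bb1746e7664ffd40",
}
IOC_EP_BYTES = "6848000000680000000068eca24000e8"

# Section names a normal MSVC/Delphi/MinGW build emits. Assumed for this
# example only; anything outside it is worth a look, not a verdict by itself.
KNOWN_SECTIONS = {
    ".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
    ".bss", ".tls", ".pdata", ".CRT", ".debug", "CODE", "DATA", "BSS",
}


def file_hashes(data):
    """Return the digests the File Info block lists, as lowercase hex."""
    return {
        "crc32": "%08x" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def parse_pe(data):
    """Minimal PE32 header walk: machine, subsystem, timestamp, EP bytes, sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # IMAGE_FILE_HEADER follows the 4-byte signature.
    machine, nsec, ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    ep_rva = struct.unpack_from("<I", data, opt_off + 16)[0]   # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]  # 2 = GUI
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "va": va, "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    # Resolve the entry-point RVA to a file offset through the section holding it.
    ep_bytes = b""
    for s in sections:
        if s["va"] <= ep_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            off = s["rawptr"] + (ep_rva - s["va"])
            ep_bytes = data[off:off + 16]
            break
    return {
        "machine": machine,            # 0x14c = Intel 80386
        "subsystem": subsystem,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "sections": [s["name"] for s in sections],
    }


def triage(data):
    """Combine digests and header facts into one dict a triage script can act on."""
    hashes = file_hashes(data)
    pe = parse_pe(data)
    pe["hash_match"] = all(hashes[k] == v for k, v in IOC_HASHES.items())
    pe["ep_match"] = pe["ep_bytes"] == IOC_EP_BYTES
    pe["unknown_sections"] = [n for n in pe["sections"] if n not in KNOWN_SECTIONS]
    pe.update(hashes)
    return pe


def build_sample_pe():
    """Constructed PE32 stand-in (NOT the real sample): the page's EP bytes and
    timestamp, a normal .text section and one oddly named section."""
    ts = int(datetime(2018, 10, 29, 19, 4, 24, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)              # ImageBase
    struct.pack_into("<H", opt, 68, 2)                     # IMAGE_SUBSYSTEM_WINDOWS_GUI
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    sect += struct.pack("<8sIIIIIIHHI", b".xyz0", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xE0000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    text = bytes.fromhex(IOC_EP_BYTES).ljust(0x200, b"\xCC")
    opaque = bytes(range(256)) * 2                         # stand-in for a packed blob
    return headers + text + opaque


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as python triage.py <file>; with no argument it triages the constructed stand-in. A hash_match of True identifies exactly this sample; ep_match and unknown_sections only say the file shares the same loader stub or carries non-standard section names, which is what the "unknown PE section name indicative of packing" signature above is reacting to, and should be read as a lead for further analysis rather than a verdict.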

Version Info (the resource is in Portuguese; English glosses added in parentheses):

Comments: Software de reprodução de VideoKê (VideoKê playback software)
FileDescription: Software de reprodução de VideoKê (VideoKê playback software)
FileVersion: 1.16.10.18
ProductVersion: 1.1
LegalCopyright: Soft de vídeo © (Video software ©)
Autor (Author): Unknown
CompanyName: Unknown
Nome do produto (ProductName): Sustenido
Nome interno (InternalName): Sustenido
Nome original do arquivo (OriginalFilename): Sustenido.exe
Translation: 0x0416 0x04b0 (language ID 0x0416 = Portuguese (Brazil), code page 0x04B0 = Unicode)

Graftor.483212 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Graftor.483212
FireEye: Generic.mg.2f4594588d23d967
McAfee: GenericRXBZ-DF!2F4594588D23
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0053ed2b1 )
K7GW: Trojan ( 0053ed2b1 )
Cybereason: malicious.88d23d
Baidu: Win32.Trojan-PSW.Agent.i
Cyren: W32/Injector.AIJ.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.EAZJ
APEX: Malicious
ClamAV: Win.Malware.Crampes-9861734-0
Kaspersky: VHO:Trojan.Win32.Inject.gen
BitDefender: Gen:Variant.Graftor.483212
NANO-Antivirus: Trojan.Win32.Inject.fhphlh
Avast: FileRepMalware [Trj]
Ad-Aware: Gen:Variant.Graftor.483212
Emsisoft: Gen:Variant.Graftor.483212 (B)
McAfee-GW-Edition: BehavesLike.Win32.MultiDropper.jc
Trapmine: malicious.moderate.ml.score
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Graftor.483212
Webroot: W32.Adware.Gen
Avira: TR/Crypt.XPACK.Gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/RL.Generic.R249670
Acronis: suspicious
VBA32: Trojan.Inject
ALYac: Gen:Variant.Graftor.483212
MAX: malware (ai score=83)
Malwarebytes: Malware.AI.318388522
Rising: Trojan.Generic@AI.100 (RDML:OE9K+SWcBunc37vZc4iEUg)
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic.AC.41DEF8
BitDefenderTheta: Gen:NN.ZexaF.34712.Qu0@aGs!c8oO
AVG: FileRepMalware [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Graftor.483212?

Graftor.483212 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.