
Should I remove “Graftor.536431”?

Malware Removal

Graftor.536431 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Graftor.536431 virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • A process was set to shut the system down when terminated
  • Exhibits behavior characteristic of iSpy Keylogger
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

Related domains:

owo-whats-this.duckdns.org

How to identify Graftor.536431?

File Info:

crc32: AC58DF2E
md5: a65588611bea2e11e8b7a783586d45ed
name: ducklmao_install.exe
sha1: 70df9e0bb904ec5cacd4ccc54950d3029ab322c9
sha256: 2cf884671b814b3a278eca91e8feb1e9b9b42889c6324995178d7c4df38de49a
sha512: 123a09a6f84d7a550bd9cfc61492ca8182e80fb2b0c12b476fbd742d14ba124916b1411095e24d7fb5b74073495a331fb84995d3484d29263d764aaac42979d8
ssdeep: 24576:jyI4MROxnFt3v9MQvrZlI0AilFEvxHidsRN+Sr5P8WmA2TzKsv+6k2C:jyrMijm0rZlI0AilFEvxHi2Fr5WycC
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright:
Assembly Version: 1.0.0.0
InternalName: Orcus.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName:
ProductVersion: 1.0.0.0
FileDescription:
OriginalFilename: Orcus.exe

Graftor.536431 also known as:

DrWeb: Trojan.DownLoader24.64059
MicroWorld-eScan: Gen:Variant.Graftor.536431
FireEye: Generic.mg.a65588611bea2e11
McAfee: GenericRXKC-IY!A65588611BEA
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: Gen:Variant.Graftor.536431
K7GW: Trojan ( 005091e91 )
K7AntiVirus: Trojan ( 005091e91 )
TrendMicro: TROJ_GEN.R002C0PDU20
BitDefenderTheta: Gen:NN.ZemsilF.34108.sv0@a4Q1tQe
Cyren: W32/Trojan.VTMT-0005
APEX: Malicious
Avast: Win32:Malware-gen
GData: Gen:Variant.Graftor.536431
Kaspersky: Trojan-Spy.MSIL.Agent.tgcu
Alibaba: TrojanSpy:MSIL/Enigma.20b77666
NANO-Antivirus: Trojan.Win32.Graftor.hjnxzm
AegisLab: Worm.Win32.Generic.lDtD
Tencent: Msil.Trojan-spy.Agent.Llqr
Ad-Aware: Gen:Variant.Graftor.536431
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1105127
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
Trapmine: malicious.moderate.ml.score
Emsisoft: Gen:Variant.Graftor.536431 (B)
Ikarus: Trojan.MSIL.Agent
Avira: HEUR/AGEN.1105127
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Spy]/MSIL.AGeneric
Endgame: malicious (high confidence)
Arcabit: Trojan.Graftor.D82F6F
SUPERAntiSpyware: Trojan.Agent/Gen-Injector
ZoneAlarm: Trojan-Spy.MSIL.Agent.tgcu
Microsoft: Trojan:Win32/Skeeyah.B!rfn
AhnLab-V3: Malware/Win32.RL_Generic.R329369
Acronis: suspicious
ALYac: Gen:Variant.Graftor.536431
VBA32: Trojan.Downloader
Malwarebytes: Backdoor.Orcus
Zoner: Trojan.Win32.75536
ESET-NOD32: a variant of Win32/Packed.Enigma.BN
TrendMicro-HouseCall: TROJ_GEN.R002C0PDU20
Rising: Backdoor.Orcus!1.B603 (CLOUD)
SentinelOne: DFI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/GenericRXKC.IY!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Generic/Trojan.Spy.24c

How to remove Graftor.536431?

Graftor.536431 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
