Graftor.547707 (file analysis)

Graftor.547707 is flagged as dangerous by many security vendors. While this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Graftor.547707 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Attempts to identify installed AV products by registry key

How to identify Graftor.547707?

File Info:

name: A666A03798E0C5896BD5.mlw
path: /opt/CAPEv2/storage/binaries/bb5a54eee07de4f1bbb168ad21bd12ae082a17aeb2827c15aa742d2bf218cc3f
crc32: D21F63AE
md5: a666a03798e0c5896bd556278cc55550
sha1: 737029526604280f9bf68aafc62d0fe6bce955a8
sha256: bb5a54eee07de4f1bbb168ad21bd12ae082a17aeb2827c15aa742d2bf218cc3f
sha512: 8312cb4a0a49eb85b7f243aed417c7a1db2721d24281d1f1299fd90d54ef81e02ccb7b47a3ce3005bc063f1ac3fda6675f9705642a86dd5ae800389eaf2f6095
ssdeep: 3072:dC3zFJAPrd7AkDVxiF5VC7fptD3cyVxpC8aVKhtsQKY8ow8of:w3zFUkkDVkQ3PfcKrKyw/f
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12D949A9377CD9FC3D1436478901A123228AFED225B4AFAE79440FB2F6D7DBE59068184
sha3_384: 88e41b4493b5fab6de462c9e7a671cac891c833b9414937f38c163bf6fd264aff78931ca3452bca116885a5304d3309f
ep_bytes: e8f2150000e978feffff8bff558bec8b
timestamp: 2019-01-10 09:57:14

Version Info:

Comments: (empty)
LegalCopyright: …ense: MPL 2
CompanyName: …illa Foundation
FileDescription: …nderbird Software ipdater
FileVersion: …2.0esrpre
InternalName: (not recovered)
LegalTrademarks: …illa
OriginalFilename: …ater.exe
ProductName: …nderbird
BuildID: …50813074416
Translation: 0x0000 0x04b0

Graftor.547707 is also known as (vendor: detection name):

Lionic: Trojan.Win32.NetStream.4!c
MicroWorld-eScan: Gen:Variant.Graftor.547707
CAT-QuickHeal: Trojan.Mauvaise.SL1
ALYac: Gen:Variant.Graftor.547707
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0053d3b21 )
Alibaba: Trojan:Win32/Bunitu.ali1000105
K7GW: Trojan ( 0053d3b21 )
Cybereason: malicious.798e0c
Cyren: W32/Trojan.BUF.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.GTKI
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Bunitu-9951466-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Graftor.547707
NANO-Antivirus: Trojan.Win32.Kryptik.fmdrnw
Avast: Win32:DangerousSig [Trj]
Rising: Trojan.Kryptik!1.B56C (CLASSIC)
Ad-Aware: Gen:Variant.Graftor.547707
Sophos: ML/PE-A + Mal/Cerber-AM
Comodo: TrojWare.Win32.TrojanProxy.Bunitu.JL@80mh7b
DrWeb: Trojan.Siggen8.1067
Zillya: Trojan.NetStream.Win32.372
TrendMicro: Ransom.Win32.SHADE.SMB.hp
McAfee-GW-Edition: Trickbot-FRDP!A666A03798E0
FireEye: Generic.mg.a666a03798e0c589
Emsisoft: Gen:Variant.Graftor.547707 (B)
GData: Gen:Variant.Graftor.547707
Jiangmin: Trojan.NetStream.ek
Avira: HEUR/AGEN.1238232
Arcabit: Trojan.Graftor.D85B7B
Microsoft: Trojan:Win32/Qbot.TO!MTB
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Bunitu.R251455
Acronis: suspicious
McAfee: Trickbot-FRDP!A666A03798E0
MAX: malware (ai score=83)
VBA32: BScope.Trojan.NetStream
Malwarebytes: Trojan.Bunitu
TrendMicro-HouseCall: Ransom.Win32.SHADE.SMB.hp
Tencent: Malware.Win32.Gencirc.10cd4d4b
Yandex: Trojan.GenAsa!YFFH2crG+dY
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.74064371.susgen
Fortinet: W32/Kryptik.GKHG!tr
BitDefenderTheta: Gen:NN.ZexaF.34712.zq1@auz2xVhi
AVG: Win32:DangerousSig [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Graftor.547707?

Graftor.547707 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.