Graftor.628354 (file analysis)

Graftor.628354 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What can the Graftor.628354 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Graftor.628354?


File Info:

name: 26731B84A03F12AB61EA.mlw
path: /opt/CAPEv2/storage/binaries/80a9a4d63db1b47cc3efd4e5512d90055cd24dea175d7ca7cc8c0c6bce78c1f7
crc32: 8BF035A4
md5: 26731b84a03f12ab61ea9e6c72f8a7a8
sha1: 5b6efbb61086ae71962ac382ee385fddeb4e65f6
sha256: 80a9a4d63db1b47cc3efd4e5512d90055cd24dea175d7ca7cc8c0c6bce78c1f7
sha512: e49b7350af715f22944e98ae02dcbd04a36795b8362fd116e080e4d4d99240fed0a64212ee58d65326987b2ab0fa0c82a5996c5c1ba70e249352b33af9873cd4
ssdeep: 6144:Ir+1eE4kqADEty4kHuEAXhnFyEAv/sJ5UB6+u5onKPU/c/FH98uuO2:I6eE4kpgdkOEAXBFHyH/c/FH98
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13A44EC02B620B63BE072E8B5B558D30B60253D375BA4AC03B6D51B4A95706FBB9F074F
sha3_384: 5e2a7f92db20543ae96c00c22c9094741902531027241612e851450d56bbc75dd5218591a19357f4ba49612eb1fe0d2d
ep_bytes: 68e0414000e8eeffffff000000000000
timestamp: 2011-03-24 13:19:59

Version Info:

Translation: 0x0409 0x04b0
ProductName: UPFKHjwtKInmQtC
FileVersion: 4.93
ProductVersion: 4.93
InternalName: XPTZmKIkX
OriginalFilename: XPTZmKIkX.exe

Graftor.628354 also known as:

Bkav: W32.AIDetectMalware
Lionic: Worm.Win32.Vobfus.o!c
MicroWorld-eScan: Gen:Variant.Graftor.628354
FireEye: Generic.mg.26731b84a03f12ab
CAT-QuickHeal: Trojan.Beebone.D
Skyhigh: BehavesLike.Win32.VBObfus.dm
McAfee: Trojan-FEOR!26731B84A03F
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: EmailWorm ( 0054d10f1 )
Alibaba: Worm:Win32/Vobfus.0a6334a7
K7GW: EmailWorm ( 0054d10f1 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Trojan.Graftor.D99682
BitDefenderTheta: AI:Packer.02910C6220
VirIT: Trojan.Win32.SHeur3.BSMB
Symantec: W32.Changeup!gen10
Elastic: malicious (high confidence)
ESET-NOD32: Win32/AutoRun.VB.ACQ
APEX: Malicious
TrendMicro-HouseCall: WORM_VOBFUS.SMAE
ClamAV: Win.Worm.Vobfus-7192126-0
Kaspersky: Worm.Win32.WBNA.ni
BitDefender: Gen:Variant.Graftor.628354
NANO-Antivirus: Trojan.Win32.VB.cojbay
Avast: Win32:VB-SJP [Trj]
Tencent: Win32.Worm.Wbna.Eajl
Emsisoft: Gen:Variant.Graftor.628354 (B)
Baidu: Win32.Worm.Autorun.l
F-Secure: Trojan.TR/Patched.Ren.Gen
DrWeb: Trojan.VbCrypt.60
VIPRE: Gen:Variant.Graftor.628354
TrendMicro: WORM_VOBFUS.SMAE
Trapmine: malicious.high.ml.score
Sophos: Mal/SillyFDC-N
Ikarus: Worm.Win32.VBNA
Google: Detected
Avira: TR/Patched.Ren.Gen
Varist: W32/Vobfus.P.gen!Eldorado
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.1000
Xcitium: Worm.Win32.Autorun.BAZK@592clb
Microsoft: Worm:Win32/Vobfus!pz
ViRobot: Worm.Win32.A.WBNA.253952.G
ZoneAlarm: Worm.Win32.WBNA.ni
GData: Gen:Variant.Graftor.628354
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.VBKrypt.R110544
VBA32: BScope.Worm.WBNA
ALYac: Gen:Variant.Graftor.628354
MAX: malware (ai score=83)
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Worm.Autorun!8.50 (TFE:3:5LjojvittMJ)
Yandex: Trojan.GenAsa!G5//Uo15L8E
SentinelOne: Static AI – Malicious PE
Fortinet: W32/VB.ADV!tr
AVG: Win32:VB-SJP [Trj]
Cybereason: malicious.4a03f1
DeepInstinct: MALICIOUS
alibabacloud: Worm:Win/Vobfus.40e9e0fd

How to remove Graftor.628354?

Graftor.628354 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
