Graftor.654775 removal tips

Graftor.654775 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Graftor.654775 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • CAPE detected the EnigmaStub malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Graftor.654775?

File Info:

name: 5314841D4EAE2AEAAEF7.mlw
path: /opt/CAPEv2/storage/binaries/b3a263c3bb5c1b27b36baeeafcd9119375278ac072b3ad28c3b12070ba552947
crc32: 9CF509B8
md5: 5314841d4eae2aeaaef765d1da35dcd2
sha1: 1fabf781cd82f885938f6e611e58b7c9a8b7e1d8
sha256: b3a263c3bb5c1b27b36baeeafcd9119375278ac072b3ad28c3b12070ba552947
sha512: 4355a8af043e80138178a18633957ac8e9904dc03da609c534ea78c42db7573618482bdf1c3df92a7810f492a7288240d130ad995f5268a1185619b1c4507364
ssdeep: 196608:z3q6ESRmsmZEiYEt0r7qHb6nO/qwma0hwN:z66ESAPEiYEtO7qenwca0h
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1337633592F2559BBE3145EFF1EF17F8DA830EB626B4A162CB658D81C1BE0F460E940C4
sha3_384: 97b5bd7bda422459578947c3bca01b141cc6b5f354506a45a8a2208dca429a8b8118618398ee8d7eae0786556fb25b5b
ep_bytes: eb08007066000000000060e800000000
timestamp: 2022-01-21 18:36:44

Version Info:

Translation: 0x0000 0x04b0
Comments: Launcher for Serenity Kingdom.
CompanyName:
FileDescription: Serenity Kingdom Launcher
FileVersion: 1.0.0.4
InternalName: Launcher.exe
LegalCopyright: Copyright Eperty123 © 2021
LegalTrademarks:
OriginalFilename: Launcher.exe
ProductName: Serenity Launcher AK
ProductVersion: 1.0.0.4
Assembly Version: 1.0.0.0

Graftor.654775 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Riskware.Win32.Graftor.1!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.654775
FireEye: Generic.mg.5314841d4eae2aea
McAfee: Artemis!5314841D4EAE
Cylance: Unsafe
Sangfor: PUP.Win32.Caypnamer.A!ml
BitDefender: Gen:Variant.Graftor.654775
Cybereason: malicious.d4eae2
BitDefenderTheta: Gen:NN.ZexaF.34212.@B0@aGfLcom
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.M suspicious
TrendMicro-HouseCall: TROJ_GEN.R002H09B822
Paloalto: generic.ml
ClamAV: Win.Dropper.njRAT-9244937-0
Alibaba: Packed:Win32/EnigmaProtector.1b9e9b90
Ad-Aware: Gen:Variant.Graftor.654775
Emsisoft: Gen:Variant.Graftor.654775 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
SentinelOne: Static AI – Malicious PE
Sophos: Generic PUA BP (PUA)
APEX: Malicious
eGambit: Unsafe.AI_Score_100%
Avira: HEUR/AGEN.1231063
MAX: malware (ai score=82)
Microsoft: Program:Win32/Wacapew.C!ml
Gridinsoft: Ransom.Win32.Wacatac.sa
Arcabit: Trojan.Graftor.D9FDB7
GData: Gen:Variant.Graftor.654775
Cynet: Malicious (score: 100)
VBA32: Trojan.Wacatac
ALYac: Gen:Variant.Graftor.654775
Rising: Malware.Heuristic!ET#97% (RDMK:cmRtazowiESuRq1CCQY5Nv3qGiNA)
Yandex: Riskware.EnigmaProtector!n2ep9ic7HfY
Ikarus: Trojan.Win32.Enigma
Fortinet: Riskware/Application
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Graftor.654775?

Graftor.654775 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
