Graftor.678778 malicious file

Graftor.678778 is a generic detection name (BitDefender's Gen:Variant.Graftor family; the same name appears in the vendors that use the BitDefender engine) for a malicious 32-bit Windows executable. Most engines flag this sample as a packed or crypted trojan. Because it installs an autorun entry and drops a copy of itself, an active infection typically shows up as a process you do not recognize in Task Manager, a new startup entry, and a copy of the executable in an unexpected location. In that case, scanning the computer with GridinSoft Anti-Malware is advised.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; it allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Graftor.678778 virus do?

The following are the behaviour signatures raised by the CAPE sandbox run of this sample:

  • Behavioural detection: executable code extraction (unpacking)
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump / dropped files / CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Graftor.678778?
File Info:

name: 89ABA9CEB88629D91651.mlw
path: /opt/CAPEv2/storage/binaries/5b9e341d687d887516d200115dec5d8cab8bd150b6cef867cb209fda8bdf7168
crc32: 2323A3BF
md5: 89aba9ceb88629d916510df7c000a8ed
sha1: f20ceafa23ad84beefe76dd6493fd293d0736069
sha256: 5b9e341d687d887516d200115dec5d8cab8bd150b6cef867cb209fda8bdf7168
sha512: 528c3d31b7f22d7604e3ffd8cbe12cea19464df7f496eed3d2dbebde54d61763cd830d82fbe12433a421ad2718a72d2dd371a8a544b70acbb1f58384574e10b6
ssdeep: 6144:PIBIAh1JgogRZ44F4eGA2etBdy9cUlOG0P6loU:QPh7gomZ44F4eGA2etBdy93nY6lJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D7A6D0C1606CD32BE22179FECD05A96C9528F3E5A802A308DF59CE6655EF5CC42FB253
sha3_384: ca66e14fa3902c502ffe707062505920563df9931600d08cae1b3923449d586ffec22c8fef717bc52d1adb5f26c78c8b
ep_bytes: 6a006a006a006a006a00ff15c4004100
timestamp: 2004-09-28 11:01:37

Version Info:

CompanyName: Qpsriqv Ltfhofo
FileDescription: Qpsriqv Gsubosvut Cwddbxox
FileVersion: 2, 96, 109, 64
InternalName: Qpsriqv
LegalCopyright: Copyright © Qpsriqv Ltfhofo 2004-2011
OriginalFilename: Qpsriqv.exe
ProductName: Qpsriqv Gsubosvut Cwddbxox
ProductVersion: 2, 96, 109, 64
Translation: 0x0409 0x04e4

The company, product and file names in this version resource are random-looking strings, and a 2004 compile timestamp paired with a "2004-2011" copyright range is the kind of inconsistency a packer or crypter leaves behind; several of the detection names below (Kryptik, Crypt.XPACK, Packer) point the same way. Treat the version resource as fabricated, not as an attribution clue. The entry-point bytes decode to five `push 0` instructions (6a 00) followed by an indirect `call dword ptr [0x4100c4]` (ff 15 c4 00 41 00), i.e. an immediate call through the import table rather than a normal compiler-generated entry stub.
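The hashes, compile timestamp and entry-point bytes listed above are what a responder compares a suspect file against. The script below is an added example, not code from the original page or from GridinSoft: a dependency-free PE32 triage helper that reproduces those File Info fields from a file on disk and checks them against the values on this page. The sample executable it builds for offline testing is constructed here and is not the Graftor.678778 binary; only its entry-point bytes and timestamp are copied from the page. The function and constant names (`parse_pe`, `triage`, `build_sample_pe`, `KNOWN_EP_BYTES`, `KNOWN_SHA256`) are this example's own.

```python
# Added example (not from the original page or GridinSoft): PE32 triage helper
# reproducing the "File Info" fields above from raw bytes, plus a comparison
# against the indicators on this page.
import calendar
import datetime
import hashlib
import struct

KNOWN_EP_BYTES = "6a006a006a006a006a00ff15c4004100"   # from the page's File Info
KNOWN_SHA256 = "5b9e341d687d887516d200115dec5d8cab8bd150b6cef867cb209fda8bdf7168"


def rva_to_offset(rva, sections):
    """Map a virtual address (RVA) to a file offset using the section table."""
    for _name, vaddr, vsize, rawsize, rawptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def parse_pe(data):
    """Extract the header facts a sandbox report lists, from raw PE32 bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled; got 0x%x" % magic)
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directory 4 = IMAGE_DIRECTORY_ENTRY_SECURITY (the Authenticode blob);
    # the PE32 data directories start at optional-header offset 96.
    _sec_va, sec_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         vaddr, vsize, rawsize, rawptr))
    ep_off = rva_to_offset(ep_rva, sections)
    when = datetime.datetime.fromtimestamp(stamp, datetime.timezone.utc)
    return {
        "machine": machine,                      # 0x14c = Intel 80386
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
        "ep_rva": ep_rva,
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "has_authenticode_dir": sec_size > 0,    # a present-but-invalid signature still shows here
        "sections": [s[0] for s in sections],
    }


def triage(data):
    """Hashes + header facts + match against the indicators on this page."""
    info = parse_pe(data)
    info["md5"] = hashlib.md5(data).hexdigest()
    info["sha1"] = hashlib.sha1(data).hexdigest()
    info["sha256"] = hashlib.sha256(data).hexdigest()
    info["sha256_matches_page"] = info["sha256"] == KNOWN_SHA256
    # The entry-point prologue (push 0 x5; call [0x4100c4]) is a weaker signal
    # than the hash: it survives re-signing and metadata edits but not repacking.
    info["ep_matches_page"] = info["ep_bytes"] == KNOWN_EP_BYTES
    return info


def build_sample_pe():
    """Constructed minimal PE32 for offline testing (NOT the real malware)."""
    stamp = calendar.timegm((2004, 9, 28, 11, 1, 37, 0, 0, 0))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                         # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                       # ImageBase
    section = struct.pack("<8sIIII", b".text", 0x1000, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + bytes(opt) + section
    headers += b"\0" * (0x200 - len(headers))
    body = bytes.fromhex(KNOWN_EP_BYTES).ljust(0x200, b"\xcc")      # int3 padding
    return headers + body


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(data).items():
        print("%-22s %s" % (key, value))
```

Run it with a file path to triage a real sample, or with no arguments to see the fields for the constructed test binary. A sha256 match is conclusive; an entry-point match alone only says the file shares this sample's stub and should be confirmed by the other indicators.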

Graftor.678778 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.678778
FireEye: Generic.mg.89aba9ceb88629d9
ALYac: Gen:Variant.Graftor.678778
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.987896
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0055dd191 )
Alibaba: Trojan:Win32/Dishigy.2514652f
K7GW: Trojan ( 0055dd191 )
Cybereason: malicious.eb8862
VirIT: Backdoor.Win32.DirtJump.H
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.OJJ
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Graftor.678778
NANO-Antivirus: Trojan.Win32.DirtJump.eelwih
SUPERAntiSpyware: Trojan.Agent/Gen-Falprod[Cont]
Avast: Win32:Krajabot [Trj]
Tencent: Win32.Trojan.Kryptik.Ecul
Ad-Aware: Gen:Variant.Graftor.678778
Emsisoft: Gen:Variant.Graftor.678778 (B)
DrWeb: BackDoor.DirtJump.1
VIPRE: Packed.Win32.PWSZbot.gen (v)
McAfee-GW-Edition: BehavesLike.Win32.Worm.tz
Sophos: Mal/Generic-S
SentinelOne: Static AI - Malicious PE
GData: Gen:Variant.Graftor.678778
Jiangmin: Trojan/Jorik.giq
Avira: TR/Crypt.XPACK.Gen2
Antiy-AVL: Trojan/Win32.AGeneric
Arcabit: Trojan.Graftor.DA5B7A
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Dishigy.B
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: Artemis!89ABA9CEB886
MAX: malware (ai score=100)
VBA32: Trojan.Zeus.EA.0999
Rising: Trojan.Dishigy!8.80E (CLOUD)
Yandex: Trojan.Agent!D3XkQyA4SnY
Ikarus: Trojan-Ransom.Gimemo
Fortinet: W32/Kryptik.NAS!tr
BitDefenderTheta: AI:Packer.23FD00AE20
AVG: Win32:Krajabot [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (D)

The names fall into a few clusters: the BitDefender-engine vendors (BitDefender, MicroWorld-eScan, ALYac, Ad-Aware, Emsisoft, GData, Arcabit) use the generic Graftor name; Microsoft, Alibaba and Rising name the family Dishigy; VirIT, NANO-Antivirus and DrWeb name it DirtJump; and ESET, Zillya, Tencent, Fortinet, Avira and BitDefenderTheta describe only the packer (Kryptik, Crypt.XPACK, Packer). Several others (Kaspersky, ZoneAlarm, Sophos, Panda, the machine-learning verdicts) are purely generic. When hunting, search on the hashes and the Dishigy/DirtJump names rather than on "Graftor", which covers many unrelated samples.

How to remove Graftor.678778?

Graftor.678778 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.