Graftor.680400 (B) removal

Graftor.680400 (B) is flagged as malicious by most of the antivirus engines listed below. While the infection is active you may notice unfamiliar processes in Task Manager. In that case, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and risks damaging the system. We recommend GridinSoft Anti-Malware for removal; the trial version can run a full scan and clean the PC.
6-day free trial available.

What can Graftor.680400 (B) do?

The following behavioural signatures were raised by the CAPE sandbox during analysis of the sample:

  • YARA rule detections observed in a process memory dump, dropped files or CAPE output
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Attempted to write directly to a physical drive (raw access to \\.\PhysicalDriveN bypasses the file system and is how boot-sector overwriters and disk wipers operate; some legitimate disk utilities do it too, so confirm with the other indicators)

How to identify Graftor.680400 (B)?

File Info:

name: 132385457D777FC9D5F7.mlw
path: /opt/CAPEv2/storage/binaries/896ab136519673b1f15b98855d45d0992dafde4c50a96ee466ea71ab7fdeec02
crc32: 1A02BD19
md5: 132385457d777fc9d5f7a64d80ee2fc5
sha1: d28447e375c50af7475c0517fa765c4e318f29b8
sha256: 896ab136519673b1f15b98855d45d0992dafde4c50a96ee466ea71ab7fdeec02
sha512: 266d7240ea48a3e7ee6d5c3fd5da448ebd536195f2187d6f393d8f067d56fb128f5c6a0f6f826795366e4b7b7131334f3a5edb7c8c678e3313e2a37a8e5235e4
ssdeep: 3072:YPR9bIpw78n/X3AvGk/cdIsmLtOj0ctnUMMPmYNvlppEiG:oR9Swonf45Y0g8mYNmv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T102740830AEC3D4BFF327447581F6CB79D5BEC1191E660453EFAF8AA86A74A2C5D06102
sha3_384: d534fc0eedf9ce6649ff87320070b0b8e110bfcbd4ef29659fd64653faef8307591c64b3b1b061ad1f656e94a1ea402f
ep_bytes: 558bec6aff6800784200687465410064
timestamp: 2019-11-08 14:02:55
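As an added example (not part of the original page and not GridinSoft or CAPE code), the following Python script recomputes the hash set CAPE reports, parses the PE headers by hand to recover the compile timestamp and the 16 entry-point bytes, and compares a file against the indicators in the File Info block above. ssdeep, TLSH and SHA3-384 are left out because the first two need third-party libraries. The build_test_pe helper and the sample it produces are constructed here purely to exercise the parser; they are not the malware, and the sample's hashes will not match the listed ones.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
GRAFTOR_IOC = {
    "md5": "132385457d777fc9d5f7a64d80ee2fc5",
    "sha1": "d28447e375c50af7475c0517fa765c4e318f29b8",
    "sha256": "896ab136519673b1f15b98855d45d0992dafde4c50a96ee466ea71ab7fdeec02",
    "crc32": "1A02BD19",
    "ep_bytes": "558bec6aff6800784200687465410064",
}


def file_digests(data: bytes) -> dict:
    """Return the same hash set CAPE reports (crc32 upper-case hex, others lower-case)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def pe_entry_info(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF -> optional header -> section table
    and return the compile timestamp plus the first 16 bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = opt + opt_size
    for i in range(nsections):
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sections + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)               # RVA -> file offset
            return {
                "machine": machine,
                "pe32": magic == 0x10B,
                "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
                "ep_bytes": data[off:off + 16].hex(),
            }
    raise ValueError("entry point lies outside every section")


def match_iocs(data: bytes, ioc: dict = GRAFTOR_IOC) -> dict:
    """Compare a file against the indicators; returns {indicator: matched?}."""
    hits = {k: v == ioc[k] for k, v in file_digests(data).items()}
    try:
        hits["ep_bytes"] = pe_entry_info(data)["ep_bytes"] == ioc["ep_bytes"]
    except ValueError:
        hits["ep_bytes"] = False
    return hits


def build_test_pe(ep_bytes: bytes, ts: int) -> bytes:
    """Constructed minimal PE32 with one .text section, used only to exercise the parser.
    The entry point sits 0x10 bytes into the section (RVA 0x1010, file offset 0x210)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)  # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1010)                        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                # Section/FileAlignment
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    hdr = (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    text = bytearray(0x200)
    text[0x10:0x10 + len(ep_bytes)] = ep_bytes
    return hdr + bytes(text)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    print(file_digests(blob))
    print(pe_entry_info(blob))
    print(match_iocs(blob))
```

Treat sha256 as the authoritative indicator and the rest as supporting evidence: the listed ep_bytes (55 8b ec 6a ff 68 .. 68 .. 64) are the standard MSVC SEH function prologue (push ebp; mov ebp, esp; push -1; two push imm32; fs segment override for the fs:[0] exception-chain read), so an entry-point match on its own identifies the compiler rather than the sample.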

Version Info:

FileVersion: 1.0.0.0
FileDescription: 0
ProductName: 拼多多 (Pinduoduo)
ProductVersion: 1.0.0.0
CompanyName: 0
LegalCopyright: 0
Comments: 0
Translation: 0x0804 0x04b0 (language 0x0804 = Chinese, Simplified, PRC; code page 0x04B0 = Unicode)

Graftor.680400 (B) is also detected under the following names (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Gen:Variant.Graftor.680400
ClamAV: Win.Dropper.Tiggre-9845940-0
FireEye: Generic.mg.132385457d777fc9
ALYac: Gen:Variant.Graftor.680400
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.BlackMoon
Cybereason: malicious.57d777
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.BlackMoon.A suspicious
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
BitDefender: Gen:Variant.Graftor.680400
Ad-Aware: Gen:Variant.Graftor.680400
Sophos: Generic PUA NC (PUA)
Comodo: ApplicUnwnt@#fqz36qe55atx
VIPRE: Gen:Variant.Graftor.680400
McAfee-GW-Edition: BehavesLike.Win32.Generic.fm
Emsisoft: Gen:Variant.Graftor.680400 (B)
SentinelOne: Static AI – Suspicious PE
GData: Win32.Trojan-Stealer.BlackMoon.D
Avira: HEUR/AGEN.1227843
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASMalwS.6C82
Arcabit: Trojan.Graftor.DA61D0
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Malware/Win32.RL_Generic.R303158
McAfee: Artemis!132385457D77
VBA32: BScope.TrojanDownloader.Upatre
TrendMicro-HouseCall: TROJ_GEN.R002H0CHP22
Rising: Trojan.Generic@AI.100 (RDML:SrTWlpVNe59+6RFITINzuQ)
MaxSecure: Trojan.Malware.8328450.susgen
BitDefenderTheta: Gen:NN.ZexaF.34606.vq0@aGq2IPeb
Fortinet: W32/CoinMiner.ESFJ!tr

How to remove Graftor.680400 (B)?

Graftor.680400 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
