
How to remove “Graftor.680418”?


Graftor.680418 is a generic detection name (BitDefender's Gen:Variant.Graftor family) that most engines rate as dangerous; the CAPE sandbox and several vendors identify the underlying sample as the AZORult password stealer. When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Graftor.680418 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • CAPE detected the Azorult malware family
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system

How to identify Graftor.680418?

File Info:

name: 68373D00BAE693520E9A.mlw
path: /opt/CAPEv2/storage/binaries/b7c31c527045ac082a2fdb2afc20abe71ead127ed4ac5a06f1a400675e9b0f93
crc32: BC2B1286
md5: 68373d00bae693520e9a190a8277f059
sha1: f70868947cda7fdc5ad29e77feaf20ec86784363
sha256: b7c31c527045ac082a2fdb2afc20abe71ead127ed4ac5a06f1a400675e9b0f93
sha512: 764a7f599e6b43ce2fa26d443d9431d33e60d8ff9910117cc865cf3cf2b9082efe0f8abefdab012fb3081cd6e374074d1c86604ae30bd6b2468abc073b5740bf
ssdeep: 6144:JJgJSSsnzKKg7gE75BAa9kNb4tHgfYEj+XgHTCT0Wcf2zwg:/gJB+GX5BAahyMXgHGTxwg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T198541212DC844BD9E86F19393D8591B325886C5189498FB70DFBFA0A7CF09B0AD6374E
sha3_384: 8dc485c13bb7018406710bda67aac07164d4c671b81a8c0edaf1a09ec6a9ccda5dcb688d92496ca9ff26d18c2bbfbd22
ep_bytes: 60be006043008dbe00b0fcff5783cdff
timestamp: 2019-11-11 19:28:15
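Several of the indicators above (UPX sections, "unknown PE section name", RWX memory, the invalid Authenticode signature) and the File Info fields (hashes, ep_bytes, timestamp) can be reproduced from the PE headers without running the sample. The script below is an added example, not code from this page, GridinSoft or CAPE. It uses only the Python standard library, so the hashes it checks are md5/sha1/sha256 (ssdeep and TLSH need third-party libraries). Because the real binary is not reproduced here, it runs on a constructed, non-executable stand-in whose section layout (UPX0 at RVA 0x1000, UPX1 at 0x36000, ImageBase 0x400000) is an assumption chosen to be consistent with the addresses in the report's entry-point bytes; its hashes therefore will not match the report's, which is exactly what `known_sample` reports.

```python
# Added example: static PE triage against the indicators in the report above.
import datetime
import hashlib
import struct

# Copied from the File Info block; a file hashing to these is the exact sample.
KNOWN_HASHES = {
    "md5": "68373d00bae693520e9a190a8277f059",
    "sha1": "f70868947cda7fdc5ad29e77feaf20ec86784363",
    "sha256": "b7c31c527045ac082a2fdb2afc20abe71ead127ed4ac5a06f1a400675e9b0f93",
}
# ep_bytes from the report: pushad / mov esi,0x436000 / lea edi,[esi-0x35000] /
# push edi / or ebp,-1 -- the opening instructions of the UPX unpacking stub.
KNOWN_EP_BYTES = bytes.fromhex("60be006043008dbe00b0fcff5783cdff")
COMMON_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc",
                   ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".debug"}
UPX_SECTIONS = {"UPX0", "UPX1", "UPX2"}
RWX = 0xE0000000  # IMAGE_SCN_MEM_EXECUTE | MEM_READ | MEM_WRITE

def parse_pe(data):
    """Parse the DOS, COFF, optional and section headers of a PE32 image."""
    pe_off = struct.unpack_from("<I", data, 0x3C)[0] if data[:2] == b"MZ" else -1
    if pe_off < 0 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = pe_off + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directory 4 is the Security (Authenticode) directory; its address is a raw file offset.
    cert = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, hdr)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr,
                         "chars": struct.unpack_from("<I", data, hdr + 36)[0]})
    return {"timestamp": timestamp, "entry_rva": entry_rva, "sections": sections, "cert": cert}

def rva_to_offset(pe, rva):
    """Map an RVA to a file offset through the section table."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["rawptr"] + (rva - s["va"])
    raise ValueError("RVA 0x%x is not backed by any section" % rva)

def triage(data):
    """Compute the report's static indicators from the file itself."""
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    ep = data[rva_to_offset(pe, pe["entry_rva"]):][:16]
    cert_off, cert_size = pe["cert"]
    signed = False
    if cert_size >= 8 and cert_off + 8 <= len(data):
        # WIN_CERTIFICATE header: dwLength, wRevision, wCertificateType (0x0002 =
        # PKCS#7). Presence is not validity; verify with signtool/osslsigncode.
        signed = struct.unpack_from("<IHH", data, cert_off)[2] == 0x0002
    ts = datetime.datetime.fromtimestamp(pe["timestamp"], datetime.timezone.utc)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "timestamp": ts.strftime("%Y-%m-%d %H:%M:%S"),
        "sections": names,
        "unknown_sections": [n for n in names if n not in COMMON_SECTIONS],
        "upx_sections": [n for n in names if n in UPX_SECTIONS],
        # RWX sections are where a packer writes unpacked code at run time.
        "rwx_sections": [s["name"] for s in pe["sections"] if (s["chars"] & RWX) == RWX],
        "ep_bytes": ep.hex(),
        "ep_matches_report": ep == KNOWN_EP_BYTES,
        "authenticode_present": signed,
    }

def known_sample(report):
    """Return the first hash algorithm whose digest matches the report, else None."""
    return next((a for a, d in KNOWN_HASHES.items() if report[a] == d), None)

def build_constructed_sample():
    """Constructed stand-in for the real binary (not reproduced here): a minimal,
    non-runnable PE32 with UPX0/UPX1/.rsrc, the report's EP bytes, a dummy cert."""
    sections = [  # name, VirtualAddress, VirtualSize, SizeOfRawData, PointerToRawData, flags
        (b"UPX0", 0x1000, 0x35000, 0, 0x200, 0xE0000080),
        (b"UPX1", 0x36000, 0xE000, 0x200, 0x200, 0xE0000040),
        (b".rsrc", 0x44000, 0x1000, 0x200, 0x400, 0xC0000040),
    ]
    cert = struct.pack("<IHH", 24, 0x0200, 0x0002) + b"\x30\x82" + b"\0" * 14
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 1573500495, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x36100)                    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                   # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)             # Section/FileAlignment
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 4 * 8, 0x600, len(cert))  # Security directory
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, fl)
                    for n, va, vs, rs, rp, fl in sections)
    header = (dos + coff + bytes(opt) + hdrs).ljust(0x200, b"\0")
    upx1 = bytearray(0x200)
    upx1[0x100:0x110] = KNOWN_EP_BYTES  # RVA 0x36100 -> file offset 0x300
    return header + bytes(upx1) + b"\0" * 0x200 + cert

if __name__ == "__main__":
    report = triage(build_constructed_sample())
    print(report, known_sample(report))
```

To triage a real file, replace `build_constructed_sample()` with `open(path, "rb").read()`. A match in `known_sample` identifies this exact binary; the other fields catch repacked variants of the same stub, which hash differently but keep the UPX0/UPX1 layout and the `pushad` entry. The `authenticode_present` flag only says a WIN_CERTIFICATE blob exists; the report's "signature is invalid" verdict needs a full chain check with signtool or osslsigncode.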

Version Info:

OriginalFilename: Considerations.exe
CompanyName: PGWARE LLC
LegalCopyright: (C) 2007-2015
FileVersion: 4.4.7.4
LegalTrademarks: (C) 2007-2015
InternalName: Considerations
Comments: Knwable Generals Prjectins
ProductName: Considerations
FileDescription: Knwable Generals Prjectins
ProductVersion: 4.4.7.4
Translation: 0x0409 0x04b0

These strings are attacker-controlled resource data; with the Authenticode signature invalid, the PGWARE LLC company name proves nothing about who built the file.

Graftor.680418 also known as:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Trojan.Win32.Azorult.i!c
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.Siggen8.55024
  • FireEye: Generic.mg.68373d00bae69352
  • ALYac: Gen:Variant.Graftor.680418
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.GenericKD.4
  • K7AntiVirus: Trojan ( 0055b6cb1 )
  • Alibaba: TrojanPSW:Win32/Azorult.ddc8a154
  • K7GW: Trojan ( 0055b6cb1 )
  • Cybereason: malicious.0bae69
  • BitDefenderTheta: Gen:NN.ZexaF.34212.smKfayn3RJpi
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Kryptik.GYFL
  • TrendMicro-HouseCall: Ransom_HPLOCKY.SME1
  • Paloalto: generic.ml
  • Cynet: Malicious (score: 100)
  • Kaspersky: Trojan-PSW.Win32.Azorult.afcu
  • BitDefender: Gen:Variant.Graftor.680418
  • NANO-Antivirus: Trojan.Win32.Azorult.ghhrbi
  • MicroWorld-eScan: Gen:Variant.Graftor.680418
  • Avast: Win32:Trojan-gen
  • Tencent: Win32.Trojan.Generic.Wnwh
  • Ad-Aware: Gen:Variant.Graftor.680418
  • Emsisoft: Gen:Variant.Graftor.680418 (B)
  • Comodo: Malware@#3n8vrrw6glvxr
  • VIPRE: Trojan.Win32.Generic!BT
  • TrendMicro: Ransom_HPLOCKY.SME1
  • McAfee-GW-Edition: BehavesLike.Win32.Dropper.dc
  • Sophos: Mal/Generic-S
  • Ikarus: Trojan.Win32.Crypt
  • GData: Gen:Variant.Graftor.680418
  • Jiangmin: Trojan.PSW.Azorult.ewb
  • Webroot: Trojan.Dropper.Gen
  • Avira: HEUR/AGEN.1206103
  • Antiy-AVL: Trojan[PSW]/Win32.Azorult
  • Arcabit: Trojan.Graftor.DA61E2
  • ZoneAlarm: Trojan-PSW.Win32.Azorult.afcu
  • Microsoft: Trojan:Win32/Tiggre!rfn
  • AhnLab-V3: Trojan/Win32.Agent.C3560208
  • McAfee: Artemis!68373D00BAE6
  • MAX: malware (ai score=100)
  • VBA32: TrojanPSW.Azorult
  • Malwarebytes: Malware.Heuristic.1003
  • APEX: Malicious
  • Yandex: Trojan.PWS.Azorult!WOcc1Az+YG8
  • SentinelOne: Static AI – Suspicious PE
  • MaxSecure: Trojan.Malware.74693833.susgen
  • Fortinet: W32/Kryptik.GYFL!tr
  • AVG: Win32:Trojan-gen
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Graftor.680418?

Graftor.680418 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because most engines classify this sample as a password stealer (Trojan-PSW, AZORult), treat any credentials saved in browsers or other applications on the machine as compromised and change them from a clean device after cleanup.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
