Should I remove “Graftor.693”?

Graftor.693 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Graftor.693 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Danish
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Graftor.693?

File Info:

name: DA6EB91D77EDA4FC057A.mlw
path: /opt/CAPEv2/storage/binaries/b6689aacd01c6354f6d8f52b87f2a85f0e11cee0ab51d2c1fee6263ef95bf01b
crc32: 65FC005B
md5: da6eb91d77eda4fc057ae6042abd0925
sha1: 54bb6328e4dc40743fdbd277813101127e0b6fcf
sha256: b6689aacd01c6354f6d8f52b87f2a85f0e11cee0ab51d2c1fee6263ef95bf01b
sha512: 54bea56f6977de709697770abd4f2b2b92329cf48a7a237534ea87b8e6003a5db153a81e1e1e7596a00f97f1215e02574f33ae4ca783ff617b37abef5e7a9acb
ssdeep: 3072:kGu9BlfzWIbXWm+w0JSz5bgsG7K/Em/y8RWzP4rzC2LT3TKZyqFAbpRwf8pRp9s:k/0uota+BFAbptM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T108D39D2256D4913FF4E123B069FA12A32779BCE02B7963AF934915D85C713C0A67932F
sha3_384: 5909447b0402310ef2e78d14f7395a783dab40b1a9a65fff0a3a5e79fd4cd6078806786f215d0a86dc4aae463d1e7ec1
ep_bytes: e80a000000e97affffffcccccccccc8b
timestamp: 2008-04-13 18:32:45

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 6.00.2900.5512 (xpsp.080413-2105)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. Alle rettigheder forbeholdes.
OriginalFilename: WEXTRACT.EXE
ProductName: Microsoft® Windows® Operativsystem
ProductVersion: 6.00.2900.5512
Translation: 0x0406 0x04b0

Graftor.693 is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Refroso.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.693
ClamAV: Win.Trojan.Refroso-4876
FireEye: Gen:Variant.Graftor.693
ALYac: Gen:Variant.Graftor.693
VIPRE: Gen:Variant.Graftor.693
Sangfor: Trojan.Win32.Injector.EGW
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/Refroso.78428877
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.d77eda
BitDefenderTheta: AI:Packer.D966911F20
VirIT: Trojan.Win32.VB.AYPC
Symantec: Trojan.Gen.6
ESET-NOD32: a variant of Win32/Injector.EGW
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Refroso.dnag
BitDefender: Gen:Variant.Graftor.693
NANO-Antivirus: Trojan.Win32.Crypted.dgfvp
Avast: Win32:GenMalicious-KJI [Trj]
Tencent: Win32.Trojan.Refroso.Eplw
Emsisoft: Gen:Variant.Graftor.693 (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen
McAfee-GW-Edition: Generic VB.fq
Trapmine: suspicious.low.ml.score
SentinelOne: Static AI - Suspicious SFX
GData: Gen:Variant.Graftor.693 (2x)
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Win32.Refroso
Xcitium: Malware@#2zetev3ksnxag
Arcabit: Trojan.Graftor.693 [many]
ZoneAlarm: Trojan.Win32.Refroso.dnag
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
McAfee: Artemis!DA6EB91D77ED
MAX: malware (ai score=100)
VBA32: BScope.Malware-Cryptor.VBCR.2512
Cylance: unsafe
Panda: Bck/Iroffer.BG
Rising: Trojan.VBInject!1.64FE (CLOUD)
Yandex: Trojan.Refroso!g/nx2zjJmo0
Ikarus: Trojan-Dropper.Win32.VB
Fortinet: W32/VBKrypt.BBBQ!tr
AVG: Win32:GenMalicious-KJI [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Graftor.693?

Graftor.693 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
