Categories: Malware

How to remove “Graftor.702970”?

The Graftor.702970 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Graftor.702970 virus can do?

A file was accessed within the Public folder.
Sample contains Overlay data
Presents an Authenticode digital signature
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Attempts to modify proxy settings
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Graftor.702970?


File Info:
name: 602448C2326DE73D51F9.mlwpath: /opt/CAPEv2/storage/binaries/70c8775be8402008a37c3bc05b77f4daccfdf99c20a9bd9a71137fc6d4512fb3crc32: 9F4FC90Bmd5: 602448c2326de73d51f99321b4d302b4sha1: c41dfe1d60d209f1bbbd821948a1e74492d52f64sha256: 70c8775be8402008a37c3bc05b77f4daccfdf99c20a9bd9a71137fc6d4512fb3sha512: a6be8a15ca63b780c5db5683f8c29b06ce12550b86f3eaba718827ce9fd9a751e3eb8108f4f125e2a15a41655dcd8d3f4bb83d1fb2609bb72a36d6ea186288ffssdeep: 12288:Rvk272jVu7B024hoBLNkSWWW5i8B9bKUggjw+iMKpCUlHyuliYgUenW:R827qVu7TzrzeN9bKjgjlKpnTiUtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1720523D403102428F6A70F346A5ADAB24FFADC0617915F1F1A0AFDC5793A3B87936867sha3_384: be248e6de07e5f4e50ca4dcdbd260c891b2583bff22a68aff3efb346ff4980c0ba2e119bd4a2999947ebdee2ec95e594ep_bytes: 60be00a05b008dbe0070e4ff57eb0b90timestamp: 2018-06-06 00:41:34
Version Info:
FileVersion: 1.1.0.0FileDescription: 闪点启动ProductName: 闪点启动ProductVersion: 1.1.0.0CompanyName: 闪点启动LegalCopyright: Copyright 2019 Fastart. All Rights ReservedComments: 闪点启动Translation: 0x0804 0x04b0

Graftor.702970 also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (moderate confidence)
MicroWorld-eScan	Gen:Variant.Graftor.702970
ClamAV	Win.Malware.Trojanx-9951053-0
FireEye	Generic.mg.602448c2326de73d
ALYac	Gen:Variant.Graftor.702970
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005246d51 )
Alibaba	TrojanSpy:Win32/Estoler.181228
K7GW	Trojan ( 005246d51 )
CrowdStrike	win/grayware_confidence_90% (W)
VirIT	PUP.Win32.Generic.R
Cyren	W32/Trojan.IRG.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	UDS:Trojan.Win32.Generic
BitDefender	Gen:Variant.Graftor.702970
Avast	Win32:TrojanX-gen [Trj]
Tencent	Trojan-DL.Win32.Flystudio.yq
Emsisoft	Gen:Variant.Graftor.702970 (B)
F-Secure	Heuristic.HEUR/AGEN.1346605
VIPRE	Gen:Variant.Graftor.702970
TrendMicro	TROJ_GEN.R002C0XHA23
McAfee-GW-Edition	Artemis!Trojan
Trapmine	malicious.high.ml.score
Sophos	Generic Reputation PUA (PUA)
Ikarus	Trojan.Win32.Disabler
Jiangmin	Trojan.Generic.eljwd
Avira	HEUR/AGEN.1346605
Antiy-AVL	Trojan/Win32.FlyStudio.a
Arcabit	Trojan.Graftor.DAB9FA
ZoneAlarm	VHO:Trojan-Downloader.Win32.Convagent.gen
GData	Win32.Trojan.PSE.1TYMTF4
Google	Detected
McAfee	Artemis!602448C2326D
MAX	malware (ai score=89)
Cylance	unsafe
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_GEN.R002C0XHA23
Rising	Downloader.FlyStudio!8.5E9 (TFE:5:RnDYuPZj72N)
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Riskware/Application
BitDefenderTheta	Gen:NN.ZexaF.36350.XmMfaSKDORoH
AVG	Win32:TrojanX-gen [Trj]
Cybereason	malicious.2326de
DeepInstinct	MALICIOUS