Graftor.754068 (B) removal instructions

Graftor.754068 (B) is flagged as malicious or unwanted by a large number of antivirus engines (the full list of detection names is given below). When the infection is active you may notice unfamiliar processes in the Task Manager process list. If you suspect it is present, scan the computer with GridinSoft Anti-Malware, or compare the suspect file against the hashes listed under File Info.


What does Graftor.754068 (B) do?

The indicators below are behavioural signatures recorded when the sample was run in an analysis sandbox. Several are unremarkable on their own: a legitimate installer also carries compressed data, makes HTTP requests and may be Authenticode-signed (a signature shows who signed the binary, not that it is benign). Weigh them together, and alongside the file hashes and detection names further down.

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Queries information on disks, possibly for anti-virtualization
  • Anomalous binary characteristics

Related domains:

pbstat.haotukankan.com

How to identify Graftor.754068 (B)?

File Info:

crc32: 30AAFF06
md5: 8dcaf97092ee328fcb6b385fe3096663
name: haotu_v2.0.2.1_guanwang_5.exe
sha1: 3a5fb38c7273af663b472b85c632f522e52bb5cf
sha256: abb7ec6eca4c97063ec25a855d4486592905cba2a01107e14c205a775b7e3c1b
sha512: 8fc681ffd85b0f481de46ff4f48b685b577eb864edd7c6e618b18090c53611199b1520a28bf1171e3fb575a64c3b4889905bd6d52f4ca897311fb0cb97283297
ssdeep: 196608:OhI7+zB/Mac7cJyteZ/Hu4pd3GboRC3QUQtq9XC8qiCRPIzDcszsVdyV3P6bOJIX:OdVc7cL/HuM3woRC3hwq9LqvRAXvsfyO
type: PE32 executable (GUI) Intel 80386, for MS Windows
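The hashes above and the related domain listed earlier are the indicators a responder actually sweeps for. The script below is an added example, not code from this page or from GridinSoft: it hashes files (streamed, so a large installer is not read into memory at once), reports which of the page's hash values match, and scans log lines for the related domain. The hash values and the domain are copied from the page; the log lines are constructed for the demo, and file paths are taken from the command line. The ssdeep value is not handled here because fuzzy matching needs the separate `ssdeep` tool.

```python
"""IOC sweep for the sample described on this page.

Added example, not code from the page or from GridinSoft. Hash values and
the domain are copied from the page; SAMPLE_LOG is constructed for the demo.
"""
import hashlib
import re
import sys
import zlib

# Indicators copied from the page's "File Info" and "Related domains" sections.
KNOWN_HASHES = {
    "crc32": "30aaff06",
    "md5": "8dcaf97092ee328fcb6b385fe3096663",
    "sha1": "3a5fb38c7273af663b472b85c632f522e52bb5cf",
    "sha256": "abb7ec6eca4c97063ec25a855d4486592905cba2a01107e14c205a775b7e3c1b",
}
KNOWN_DOMAINS = {"pbstat.haotukankan.com"}

# Constructed sample log lines (not real telemetry): a DNS query and a proxy
# request to the related domain, plus an unrelated lookup.
SAMPLE_LOG = [
    "2020-04-01T10:00:01Z dns query A pbstat.haotukankan.com from 10.0.0.15",
    "2020-04-01T10:00:02Z dns query A update.example.org from 10.0.0.15",
    "2020-04-01T10:00:03Z proxy GET http://pbstat.haotukankan.com/stat.php",
]


def _digest_chunks(chunks) -> dict:
    """Feed byte chunks through crc32/md5/sha1/sha256 in a single pass."""
    crc = 0
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for block in chunks:
        crc = zlib.crc32(block, crc)
        for d in digests.values():
            d.update(block)
    out = {name: d.hexdigest() for name, d in digests.items()}
    out["crc32"] = format(crc & 0xFFFFFFFF, "08x")
    return out


def hash_bytes(data: bytes) -> dict:
    """Hashes of an in-memory byte string, lowercase hex, keyed like KNOWN_HASHES."""
    return _digest_chunks([data])


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Hashes of a file, streamed so a large installer never sits fully in memory."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk)
                if not block:
                    return
                yield block
    return _digest_chunks(chunks())


def matching_algorithms(hashes: dict) -> list:
    """Names of the algorithms whose value equals the page's indicator."""
    return sorted(alg for alg, val in hashes.items()
                  if KNOWN_HASHES.get(alg) == val.lower())


def is_known_sample(hashes: dict) -> bool:
    """True only on a sha1 or sha256 match. crc32 is a 32-bit checksum and md5
    is collision-prone, so either of those alone is a weak identification."""
    return any(alg in ("sha1", "sha256") for alg in matching_algorithms(hashes))


_HOST_TOKEN = re.compile(r"[a-z0-9.-]+")


def log_hits(lines) -> list:
    """(line_number, domain) for lines with a hostname token equal to, or under,
    a related domain. Token matching avoids substring hits on unrelated names."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in _HOST_TOKEN.findall(line.lower()):
            for dom in KNOWN_DOMAINS:
                if tok == dom or tok.endswith("." + dom):
                    hits.append((n, dom))
    return hits


def main(paths):
    for path in paths:
        h = hash_file(path)
        verdict = "KNOWN SAMPLE" if is_known_sample(h) else "no match"
        print(f"{path}: sha256={h['sha256']} {verdict} {matching_algorithms(h)}")
    for n, dom in log_hits(SAMPLE_LOG):
        print(f"sample log line {n}: contact with related domain {dom}")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it as `python ioc_sweep.py path/to/suspect.exe` (file name assumed). Exact hashes identify only this build (version 2.0.2.1, build tag 2020/03/31 per the Version Info below); a re-released installer will hash differently, which is why the domain check and the detection names matter as well.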

Version Info:

LegalCopyright: (C) 青枣网络科技有限公司 All Rights Reserved (Qingzao Network Technology Co., Ltd.)
InternalName: install.exe
CompanyShortName: 青枣网络 (Qingzao Network)
FileVersion: 2.0.2.1
CompanyName: 青枣网络科技有限公司 (Qingzao Network Technology Co., Ltd.)
BuildTag: 2020/03/31 [001]
ProductShortName: 好图看看 (Haotu Kankan)
ProductName: 好图看看 (Haotu Kankan)
ProductVersion: 2.0.2.1
FileDescription: 好图看看安装包 (Haotu Kankan installer package)
OriginalFilename: install.exe
Translation: 0x0804 0x04b0 (language 0x0804 = Chinese, Simplified; code page 0x04b0 = 1200, Unicode)

Graftor.754068 (B) is also known as:

Detection names at the time of analysis, listed as vendor: detection. Most engines classify the file as adware or a potentially unwanted program, several under the KuaiZip family name; only a few use a generic trojan or backdoor label.

  • MicroWorld-eScan: Gen:Variant.Graftor.754068
  • ALYac: Gen:Variant.Graftor.754068
  • VIPRE: Trojan.Win32.Generic!BT
  • Sangfor: Malware
  • K7AntiVirus: Adware ( 005635451 )
  • BitDefender: Gen:Variant.Graftor.754068
  • K7GW: Adware ( 005635451 )
  • Invincea: heuristic
  • ESET-NOD32: a variant of Win32/KuaiZip.Z.gen potentially unwanted
  • APEX: Malicious
  • Avast: Win32:Malware-gen
  • GData: Gen:Variant.Graftor.754068
  • Alibaba: Backdoor:Win32/KZip.89f3a025
  • NANO-Antivirus: Riskware.Win32.Kuaizip.hjmbbg
  • Endgame: malicious (high confidence)
  • Emsisoft: Gen:Variant.Graftor.754068 (B)
  • DrWeb: Program.Kuaizip.5
  • McAfee-GW-Edition: Artemis!PUP
  • FireEye: Gen:Variant.Graftor.754068
  • Sophos: Generic PUA DK (PUA)
  • Arcabit: Trojan.Graftor.DB8194
  • Microsoft: PUA:Win32/CoinMiner
  • VBA32: BScope.Adware.KuaiZip
  • MAX: malware (ai score=82)
  • Ad-Aware: Gen:Variant.Graftor.754068
  • Rising: Malware.Heuristic!ET#100% (RDMK:cmRtazqTwrpQm/kBfybLDXFPwykV)
  • Fortinet: Riskware/Generic_PUA_DK
  • AVG: Win32:Malware-gen

How to remove Graftor.754068 (B)?

Graftor.754068 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
