Graftor.785304 removal instruction

Graftor.785304 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Graftor.785304 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to modify desktop wallpaper
  • Installs itself for autorun at Windows startup
  • CAPE detected the Emotet malware family
  • Attempts to modify proxy settings
  • Created a service that was not started

How to identify Graftor.785304?

File Info:

name: 54771466723C4805DB6F.mlw
path: /opt/CAPEv2/storage/binaries/c563bcdb45acd24908cbe6107e92f13efeeeb70c5f70fd3da4a85e581831f9cb
crc32: 625DE80D
md5: 54771466723c4805db6f969a4705dfdf
sha1: 1195e45693a869c158f8ccb4438adeda471b7325
sha256: c563bcdb45acd24908cbe6107e92f13efeeeb70c5f70fd3da4a85e581831f9cb
sha512: f8e97fbadfd8374f85e1175d2d63b1d756a55cc14fd523c3926ac5397f587563277b72bec843f0e2aa21fc8fee6a7521717ce3f00f1435d8619afc4c76812adf
ssdeep: 12288:f4ySBdIbr7MWY5aGSjelS67g/0YGIQD7:QySBm37MWY5yjJ/0Yg7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CDD48D0176B0C136C5B355700EF9A772BAB8D9608F35A7CB77A1CB5E1A325C16B3321A
sha3_384: edee5d6f15953fc13a431152f77a5924a04250ec188e54d6681e28d994cddac0af83eb6ba120868bd8d9a17fe34d0f00
ep_bytes: 558bec6aff68905c460068f842410064
timestamp: 2020-06-26 17:31:28

Version Info:

FileDescription: SNAP MFC Application
FileVersion: 1, 0, 0, 1
InternalName: SNAP
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: SNAP.EXE
ProductName: SNAP Application
ProductVersion: 1, 0, 0, 1
Translation: 0x0409 0x04b0

Graftor.785304 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Emotet.L!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.785304
FireEye: Generic.mg.54771466723c4805
ALYac: Gen:Variant.Graftor.785304
Zillya: Backdoor.Emotet.Win32.323
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Emotet.556ebce0
K7GW: Trojan ( 00569aa51 )
K7AntiVirus: Trojan ( 00569aa51 )
Cyren: W32/Trickbot.EG.gen!Eldorado
Symantec: Trojan.Emotet
ESET-NOD32: a variant of Win32/Kryptik.HEMS
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Emotet-9804539-0
Kaspersky: HEUR:Backdoor.Win32.Emotet.vho
BitDefender: Gen:Variant.Graftor.785304
Avast: Win32:BankerX-gen [Trj]
Tencent: Malware.Win32.Gencirc.11a14ad2
Ad-Aware: Gen:Variant.Graftor.785304
TACHYON: Backdoor/W32.Emotet.599552
Sophos: Mal/Generic-S
DrWeb: Trojan.DownLoader33.58288
TrendMicro: TrojanSpy.Win32.EMOTET.YXBKZZ
McAfee-GW-Edition: BehavesLike.Win32.Emotet.hm
Emsisoft: Trojan.Emotet (A)
Ikarus: Trojan-Banker.Emotet
GData: Gen:Variant.Graftor.785304
Jiangmin: Backdoor.Emotet.ky
Avira: TR/AD.Emotet.qqmrc
Antiy-AVL: Trojan/Generic.ASMalwS.30A7A98
Microsoft: Trojan:Win32/Emotet.DBV!MTB
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win32.RL_Generic.R365337
McAfee: Emotet-FRC!54771466723C
MAX: malware (ai score=89)
VBA32: Trojan.Agent
Malwarebytes: Trojan.MalPack.TRE
TrendMicro-HouseCall: TrojanSpy.Win32.EMOTET.YXBKZZ
Rising: Trojan.Kryptik!1.C713 (CLASSIC)
Yandex: Trojan.Kryptik!8vb0kV9KAIk
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.HEEL!tr
BitDefenderTheta: Gen:NN.ZexaE.34294.Ky0@aGxHLxki
AVG: Win32:BankerX-gen [Trj]
Cybereason: malicious.6723c4
Panda: Trj/GdSda.A

How to remove Graftor.785304?

Graftor.785304 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.