
What is “Graftor.841970 (B)”?


Graftor.841970 (B) is a detection name that many security vendors flag as malicious (see the list of detection names below). When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing malware manually can take hours and may damage your system in the process. We recommend GridinSoft Anti-Malware for removal; it lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Graftor.841970 (B) virus do?

  • Behavioural detection: executable code extraction (unpacking observed at runtime)
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory (pages that are writable and executable at the same time, as unpackers and shellcode loaders need)
  • Dynamic (imported) function loading detected (API addresses resolved at runtime rather than through the import table)
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data (high-entropy sections)
  • Authenticode signature is invalid (the version information below claims Microsoft Corporation, but the file does not carry a valid signature)
  • Anomalous binary characteristics
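The section-name, entropy and RWX checks in the list above can be reproduced offline on any PE file. The following Python is an added example, not code from this page or from CAPE: it parses the section table of a PE32 file, reports section names outside an assumed allow-list, raw data whose Shannon entropy exceeds an assumed 7.0 bits/byte threshold, and sections mapped writable and executable at once. The allow-list, the threshold, the builder for the sample PE and the section name `.xyz1` are all constructed for illustration.

```python
import math
import random
import struct

# Assumed allow-list of section names produced by common compilers/linkers;
# extend it for your environment. Anything else is reported as "unknown".
KNOWN_SECTION_NAMES = {
    ".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
    ".bss", ".tls", ".pdata", ".CRT", "CODE", "DATA", "BSS",
}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
ENTROPY_THRESHOLD = 7.0  # assumed: bits/byte above which raw data looks packed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]   # NumberOfSections
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        chars = struct.unpack_from("<I", pe, off + 36)[0]     # Characteristics
        sections.append({"name": name, "va": va, "vsize": vsize,
                         "raw_ptr": raw_ptr, "raw_size": raw_size, "chars": chars})
    return sections


def assess(pe: bytes) -> list:
    """Human-readable findings mirroring the packing-related signatures listed above."""
    findings = []
    for s in parse_sections(pe):
        raw = pe[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]
        ent = shannon_entropy(raw)
        if s["name"] not in KNOWN_SECTION_NAMES:
            findings.append(f"unknown section name {s['name']!r}")
        if ent > ENTROPY_THRESHOLD:
            findings.append(f"high entropy {ent:.2f} in {s['name']!r} (likely encrypted/compressed)")
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"section {s['name']!r} is writable and executable")
    return findings


def build_sample_pe(sections: list) -> bytes:
    """Construct a minimal PE32 image (constructed test input, not a real sample)."""
    file_align, size_opt = 0x200, 0xE0
    hdr_end = 0x40 + 4 + 20 + size_opt + 40 * len(sections)
    hdr_size = (hdr_end + file_align - 1) // file_align * file_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                           # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                         # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, file_align)              # alignments
    table, body, va, raw_ptr = b"", b"", 0x1000, hdr_size
    for name, data, chars in sections:
        raw_size = (len(data) + file_align - 1) // file_align * file_align
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), va, raw_size,
                             raw_ptr, 0, 0, 0, 0, chars)
        body += data.ljust(raw_size, b"\0")
        va += (raw_size + 0xFFF) // 0x1000 * 0x1000
        raw_ptr += raw_size
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(hdr_size, b"\0")
    return headers + body


_rng = random.Random(0x1337)  # deterministic "random" payload standing in for packed data
SAMPLE_PE = build_sample_pe([
    (".text", b"\x55\x8b\xec\x83\xec\x10\x33\xc0\xc9\xc3" * 120, 0x60000020),  # code, exec|read
    (".xyz1", bytes(_rng.getrandbits(8) for _ in range(4096)), 0xE0000040),   # hypothetical stub, RWX
])

if __name__ == "__main__":
    for line in assess(SAMPLE_PE):
        print(line)
```

Run it against a real file with `assess(open(path, "rb").read())`; only the `.xyz1` section of the constructed sample trips all three checks, which is the pattern a packed executable typically shows.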

How to identify Graftor.841970 (B)?

File Info:

name: 531F57266F0EF0D45429.mlw
path: /opt/CAPEv2/storage/binaries/fdf83f9a3dc31ab721ed8e2c8f3757851979b1cfc504387847e7b54d93098bcd
crc32: 79BEB00C
md5: 531f57266f0ef0d45429404a75579f4e
sha1: acd0ec8b278d795c1b596fd75a896aad469ca0f1
sha256: fdf83f9a3dc31ab721ed8e2c8f3757851979b1cfc504387847e7b54d93098bcd
sha512: a2102dfc4fdb6f18345abb2534e996f1a8fea8fd928c93f965897b67faf6257cdc99305ef8fe992c55fdc05625369099a5077e3b2aadeefa6226d3e47b9a7a62
ssdeep: 12288:X40kYZj5YP1sUobYdIrjgtdEyDewwK8aEgMgQs+v8Ms+Ox0SoedFbTeAtSSSSSS+:XdkYdUoQIrktdEwuKSe+0lnWus
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12FE4F19825DD6492F7245DF086C267E85A23B8F90E9E4FD23C022E7D8611CC15FFA678
sha3_384: 72a73a4bd5f9ab0d4d332b185a7aef8e0a1040b4644815123f7c7beb2219baa3d309216d868fbf5259b6cbf952616927
ep_bytes: 60e803000000e9eb045d4555c3e80100
timestamp: 2014-02-27 06:41:59
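The ep_bytes value above is worth reading by hand. The bytes decode as pushad; call +3; then a jmp rel32 whose displacement bytes (eb 04 5d 45) are really the instructions pop ebp; inc ebp; push ebp; ret. The call lands on that pop ebp, the inc/push/ret return into the middle of the fake jmp where eb 04 is a genuine short jump, and execution continues at offset 13. A disassembler that sweeps the bytes sequentially instead sees a jump to an address far from the entry point and never shows the instructions that actually run. The following Python is an added example, not code from this page or from CAPE: it decodes only the opcodes this stub uses, compares a linear sweep with a traced execution, and reports the offsets that only the trace reaches. The tiny interpreter and its stack model are assumptions made for illustration and handle nothing beyond these opcodes.

```python
import struct

# The 16 entry-point bytes reported in File Info above (ep_bytes).
EP_BYTES = bytes.fromhex("60e803000000e9eb045d4555c3e80100")


def decode(code: bytes, ip: int):
    """Decode one of the few opcodes used by the stub.
    Returns (mnemonic, size, rel) or None when the instruction is cut off."""
    op = code[ip]
    if op == 0x60:
        return ("pushad", 1, None)
    if op in (0xE8, 0xE9):                       # call rel32 / jmp rel32
        if ip + 5 > len(code):
            return None
        rel = struct.unpack_from("<i", code, ip + 1)[0]
        return ("call" if op == 0xE8 else "jmp", 5, rel)
    if op == 0xEB:                               # jmp rel8
        if ip + 2 > len(code):
            return None
        return ("jmp short", 2, struct.unpack_from("<b", code, ip + 1)[0])
    simple = {0x5D: "pop ebp", 0x45: "inc ebp", 0x55: "push ebp", 0xC3: "ret"}
    if op in simple:
        return (simple[op], 1, None)
    return (f"db 0x{op:02x}", 1, None)           # anything else: treat as one data byte


def linear_sweep(code: bytes) -> list:
    """What a naive disassembler shows: decode sequentially from offset 0."""
    out, ip = [], 0
    while ip < len(code):
        d = decode(code, ip)
        if d is None:
            out.append((ip, "<truncated>"))
            break
        out.append((ip, d[0]))
        ip += d[1]
    return out


def trace(code: bytes, max_steps: int = 32) -> list:
    """Follow the real control flow with a minimal model of EIP, EBP and the stack."""
    ip, ebp, stack, path = 0, 0, [], []
    for _ in range(max_steps):
        if not 0 <= ip < len(code):
            path.append((ip, "<leaves buffer>"))
            break
        d = decode(code, ip)
        if d is None:
            path.append((ip, "<truncated>"))
            break
        mnem, size, rel = d
        path.append((ip, mnem))
        nxt = ip + size
        if mnem == "pushad":
            stack.extend([0] * 8)                # only EBP is modelled; other registers pushed as 0
        elif mnem == "call":
            stack.append(nxt)                    # push return address, then branch
            nxt += rel
        elif mnem in ("jmp", "jmp short"):
            nxt += rel
        elif mnem == "pop ebp":
            ebp = stack.pop()
        elif mnem == "inc ebp":
            ebp += 1
        elif mnem == "push ebp":
            stack.append(ebp)
        elif mnem == "ret":
            nxt = stack.pop()
        ip = nxt
    return path


def hidden_instructions(code: bytes) -> set:
    """Offsets that really execute but never appear in the linear sweep."""
    return {o for o, _ in trace(code)} - {o for o, _ in linear_sweep(code)}


if __name__ == "__main__":
    for label, listing in (("linear sweep", linear_sweep(EP_BYTES)),
                           ("actual trace", trace(EP_BYTES))):
        print(label + ":", " -> ".join(f"{o}:{m}" for o, m in listing))
    print("hidden offsets:", sorted(hidden_instructions(EP_BYTES)))
```

The trace visits offsets 0, 1, 9, 10, 11, 12, 7 and then 13, where the next call is cut off by the 16-byte sample; the sweep visits 0, 1, 6, 11, 12, 13, so offsets 7, 9 and 10 execute without ever being listed. The same trick is why static disassembly of such an entry stub should be checked against a debugger or emulator trace before drawing conclusions.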

Version Info:

CompanyName: Microsoft Corporation
FileVersion: 1.0.0.155
FileDescription: Mira Malware
InternalName:
LegalCopyright: Microsoft Corporation
LegalTrademarks:
OriginalFilename:
ProductName: Mira Malware
ProductVersion: 1.0.0.155
Translation: 0x0409 0x04e4

Graftor.841970 (B) also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.841970
FireEye: Generic.mg.531f57266f0ef0d4
ALYac: Gen:Variant.Graftor.841970
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005376ae1 )
K7GW: Trojan ( 005376ae1 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.34084.QG3aa0qyAwdi
Cyren: W32/S-93599454!Eldorado
Symantec: ML.Attribute.HighConfidence
ClamAV: Win.Malware.Ulise-9875243-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Graftor.841970
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
Avast: Win32:PWSX-gen [Trj]
Ad-Aware: Gen:Variant.Graftor.841970
Emsisoft: Gen:Variant.Graftor.841970 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
Sophos: ML/PE-A + W32/Mira-B
Ikarus: Worm.Win32.VB
GData: Gen:Variant.Graftor.841970
Jiangmin: Trojan.Hesv.egf
eGambit: Unsafe.AI_Score_99%
Avira: TR/Crypt.FKM.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.30F853C
Arcabit: Trojan.Graftor.DCD8F2
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.RL_Generic.R364015
Acronis: suspicious
McAfee: GenericRXAA-AA!531F57266F0E
MAX: malware (ai score=83)
VBA32: Trojan.Bitrep
Malwarebytes: Worm.Mira
APEX: Malicious
Rising: Worm.Mira!1.B25B (CLASSIC)
Yandex: Trojan.Agent!L8ikZ/GaqAM
SentinelOne: Static AI – Malicious PE
MaxSecure: Win.MxResIcn.Heur.Gen
Fortinet: W32/Agent.3DFA!tr
AVG: Win32:PWSX-gen [Trj]
Cybereason: malicious.66f0ef

How to remove Graftor.841970 (B)?

Graftor.841970 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
