Graftor.841970 (file analysis)

Graftor.841970 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Graftor.841970 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Graftor.841970?


File Info:

name: 618BDFFD55C6FB050B04.mlw
path: /opt/CAPEv2/storage/binaries/96449350f3a8f51bb9f284facbfc49ac401f1e18835e1d3eb85f4b306782e7e4
crc32: D123D9A6
md5: 618bdffd55c6fb050b04334e8ae0153e
sha1: 971cee223cc3ce190ca818fcde916ba082315774
sha256: 96449350f3a8f51bb9f284facbfc49ac401f1e18835e1d3eb85f4b306782e7e4
sha512: 8e40e5ae25c02894dd698d91f10d0e2d87dc6a038c4771a083a481e6092957b4bd052503c748a14d7754d770bc2790ac3a6dea0700f9c16622d50f45a6279f6f
ssdeep: 12288:X40kYZj5YP1sUobYdIrjgtdEyDewwK8aEgMgobz58SbW1s4RpQGXhTpFPMjFBQN2:XdkYdUoQIrktdEwuKSCTYFBQND6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E3E4CF906556C5B5E4203A3F071B91627F20B25A41C66FFEE42CE831FF6218FB7526E2
sha3_384: 566456e20e479d4b1e517a5e49da243943576815cef46b849e694d4a2466799b1fd146e7c0fd5567658e30aa9b6dc3d3
ep_bytes: 60e803000000e9eb045d4555c3e80100
timestamp: 2014-02-27 06:41:59

Version Info:

CompanyName: Microsoft Corporation
FileVersion: 1.0.0.155
FileDescription: Mira Malware
InternalName:
LegalCopyright: Microsoft Corporation
LegalTrademarks:
OriginalFilename:
ProductName: Mira Malware
ProductVersion: 1.0.0.155
Translation: 0x0409 0x04e4

Graftor.841970 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.841970
FireEye: Generic.mg.618bdffd55c6fb05
ALYac: Gen:Variant.Graftor.841970
Cylance: Unsafe
Zillya: Trojan.Generic.Win32.1241776
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005376ae1 )
K7GW: Trojan ( 005376ae1 )
Cybereason: malicious.d55c6f
Cyren: W32/S-93599454!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
ClamAV: Win.Malware.Ulise-9875243-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Graftor.841970
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
Avast: Win32:PWSX-gen [Trj]
Ad-Aware: Gen:Variant.Graftor.841970
Emsisoft: Gen:Variant.Graftor.841970 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
Sophos: ML/PE-A + W32/Mira-B
Ikarus: Worm.Win32.VB
GData: Gen:Variant.Graftor.841970
Jiangmin: Trojan.Hesv.egf
Avira: TR/Crypt.FKM.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.30F853C
Arcabit: Trojan.Graftor.DCD8F2
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.RL_Generic.R364015
Acronis: suspicious
McAfee: GenericRXAA-AA!618BDFFD55C6
MAX: malware (ai score=82)
VBA32: Trojan.Bitrep
Malwarebytes: Worm.Mira
Rising: Worm.Mira!1.B25B (CLASSIC)
Yandex: Trojan.Agent!L8ikZ/GaqAM
SentinelOne: Static AI – Malicious PE
MaxSecure: Win.MxResIcn.Heur.Gen
Fortinet: W32/Agent.3DFA!tr
BitDefenderTheta: Gen:NN.ZexaF.34084.QG3aa0qyAwdi
AVG: Win32:PWSX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Graftor.841970?

Graftor.841970 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
