Graftor.846932 removal instruction

Graftor.846932 is flagged as malicious by most antivirus vendors (see the detection list below). When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case we advise scanning your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing malware manually can take hours and may damage your system in the process. We recommend GridinSoft Anti-Malware for removal; the trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can Graftor.846932 do?

The behaviours below were recorded during dynamic (sandbox) analysis of the sample described in the next section. They are indicators of what the file did in that run, not a complete description of the malware.

  • Creates RWX memory
  • A process attempted to delay the analysis task
  • Attempts to connect to an unreachable IP:port (5 unique times)
  • Starts a server listening on 127.0.0.1:45808
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Installs a hook procedure to monitor mouse events
  • Sniffs keystrokes
  • Installs Tor on the infected machine
  • Anomalous binary characteristics

How to identify Graftor.846932?

File Info:

crc32: 36622D5F
md5: db02751a702b316fe074381f82f04965
name: 16.exe
sha1: 91e97b619bd304e378c45c098a0b86aa3d04ce88
sha256: ec398da6edfe8bed686dfea4eb60c65d7b3ddd92ee75c09aa5332c9bf12a42c2
sha512: bf8e08c2bd66eada7ef6fd9c4d1744accdaf00d11b79b108e136725fc0bfe4b344eb0205727eabca929c51b9940ff940b244eb6e7f970eda0d465f891d1b1d63
ssdeep: 98304:Nwl3wUaj6mRa8gH186xwnhKAFhovosyo31CPwDv3uFZjhUg2EeJUO9WLQ0+mN+L:NwKUvmRaBxwhzav1yo31CPwDv3uFZje
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
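As an added example (not part of the original page and not GridinSoft's tooling), the following Python script checks a file against the indicators listed above. It computes MD5, SHA-1 and SHA-256 and compares them with the published hashes of 16.exe, and it parses the PE section table to see whether the section names are the UPX0/UPX1 names that UPX leaves behind by default, which is how a packed binary like this one is usually spotted. The `build_fake_pe` helper constructs a minimal synthetic PE32 header for offline testing; it is not the sample itself.

```python
import hashlib
import struct
from pathlib import Path

# Hashes of 16.exe as published in the File Info block above.
KNOWN_IOCS = {
    "md5": "db02751a702b316fe074381f82f04965",
    "sha1": "91e97b619bd304e378c45c098a0b86aa3d04ce88",
    "sha256": "ec398da6edfe8bed686dfea4eb60c65d7b3ddd92ee75c09aa5332c9bf12a42c2",
}


def compute_hashes(data: bytes) -> dict:
    """Return lower-case hex MD5/SHA-1/SHA-256 digests of a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_iocs(digests: dict) -> set:
    """Names of the algorithms whose digest equals the published IOC."""
    return {algo for algo, value in KNOWN_IOCS.items()
            if digests.get(algo, "").lower() == value}


def pe_section_names(data: bytes) -> list:
    """Parse the PE section table and return the section names in order.

    Layout walked: MZ header -> e_lfanew (offset 0x3c) -> 'PE\\0\\0' ->
    20-byte COFF header -> optional header -> 40-byte section headers.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def looks_upx_packed(section_names: list) -> bool:
    """UPX names its sections UPX0/UPX1 (UPX2 for resources) by default."""
    return any(name.startswith("UPX") for name in section_names)


def triage(data: bytes) -> dict:
    """Combine the exact-hash check with the weaker packer heuristic."""
    digests = compute_hashes(data)
    try:
        sections = pe_section_names(data)
    except ValueError:
        sections = []  # not a PE file, or too damaged to parse
    return {
        "hashes": digests,
        "ioc_matches": match_iocs(digests),
        "sections": sections,
        "upx_packed": looks_upx_packed(sections),
    }


def build_fake_pe(section_names: list) -> bytes:
    """Constructed minimal PE32 header for offline testing; not real malware."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       opt_size, 0x0102)  # 0x14C = IMAGE_FILE_MACHINE_I386
    optional = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)  # PE32 magic
    sections = b"".join(name.encode().ljust(8, b"\x00") + b"\x00" * 32
                        for name in section_names)
    return dos + b"PE\x00\x00" + coff + optional + sections


if __name__ == "__main__":
    import sys
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    data = target.read_bytes() if target else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py <suspect.exe>`; with no argument it triages the synthetic header. The hash comparison only catches this exact file: repacking or even a one-byte change to the sample gives fresh MD5/SHA values, so the section-name heuristic and the behavioural indicators above (the loopback listener on 127.0.0.1:45808, the dropped second binary, the keystroke hook) are what carry over to variants. Legitimate software is also sometimes UPX-packed, so treat `upx_packed` as a reason to look closer, not as a verdict.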

Version Info:

[No Data]

Graftor.846932 also known as:

Detection names reported by other vendors for the same file. Most are generic or machine-learning verdicts; Malwarebytes' Backdoor.BitRAT is the one name that points to a specific family.

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.846932
FireEye: Gen:Variant.Graftor.846932
CAT-QuickHeal: Trojan.Agentb
Qihoo-360: Win32/Trojan.0c0
McAfee: GenericRXAA-AA!DB02751A702B
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Agentb.4!c
Sangfor: Malware
K7AntiVirus: Trojan ( 00569be91 )
BitDefender: Gen:Variant.Graftor.846932
K7GW: Trojan ( 00569be91 )
Cybereason: malicious.19bd30
TrendMicro: TROJ_GEN.R002C0PJG20
Cyren: W32/Downloader.N.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Agentb.jzwz
Alibaba: Trojan:Win32/Agentb.b04986a4
ViRobot: Trojan.Win32.Z.Agent.5857280.O
Tencent: Malware.Win32.Gencirc.11b04868
Ad-Aware: Gen:Variant.Graftor.846932
Sophos: Mal/Generic-S
Comodo: Malware@#2v1ln53j7q1uf
F-Secure: Dropper.DR/Delphi.Gen
DrWeb: Trojan.DownLoader35.1504
Zillya: Trojan.Agent.Win32.1474553
Invincea: Mal/Generic-S
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Emsisoft: Trojan.Agent (A)
Ikarus: Trojan.Win32.Agent
GData: Gen:Variant.Graftor.846932
Jiangmin: Trojan.Agentb.hsv
Avira: DR/Delphi.Gen
Antiy-AVL: Trojan/Win32.Agentb
Gridinsoft: Trojan.Win32.Agent.oa
Arcabit: Trojan.Graftor.DCEC54
ZoneAlarm: Trojan.Win32.Agentb.jzwz
Microsoft: Trojan:Win32/Ymacco.AADC
AhnLab-V3: Malware/Win32.RL_Generic.R354094
BitDefenderTheta: Gen:NN.ZexaF.34590.@pGfaSG@K9ii
ALYac: Gen:Variant.Graftor.846932
MAX: malware (ai score=100)
VBA32: BScope.Trojan.CMY3U
Malwarebytes: Backdoor.BitRAT
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/Agent.ACBZ
TrendMicro-HouseCall: TROJ_GEN.R002C0PJG20
Yandex: Trojan.Agentb!fc91PfAy/fU
SentinelOne: DFI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Agent.ACBZ!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_60% (W)
MaxSecure: Trojan.Malware.109134801.susgen

How to remove Graftor.846932?

Graftor.846932 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

Because the sample sniffs keystrokes and drops and executes a second binary, change any passwords that were typed on the machine while it was infected, and run the scan again after the restart to confirm that nothing it dropped has survived.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.