Graftor.854708 malicious file

Malware Removal

Graftor.854708 is flagged as malicious by most of the antivirus engines listed further down this page. While the infection is active you may notice unfamiliar processes in the Task Manager list, changed browser proxy settings, or outbound HTTP connections you did not initiate. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Graftor.854708 do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Graftor.854708?

File Info:

name: 31DC30E0EAB52F5ADB2A.mlw
path: /opt/CAPEv2/storage/binaries/7ea82497a01ef4d40e33960c26c974b32c7373875e6870ce34e7af2c8ee1c8ad
crc32: 5E5441EE
md5: 31dc30e0eab52f5adb2aff084290b5e4
sha1: 0b3ae35c4e40f9347f9831f82eceaffae6c66aa9
sha256: 7ea82497a01ef4d40e33960c26c974b32c7373875e6870ce34e7af2c8ee1c8ad
sha512: 7d201dcfa30b3ed68fddb4c6487d7fa55f1a6ae000c4d665ee9eaa37f99a1921d2f36c451cac82bb733cec1b06e593fba211d29309e27450a023f025a08b63a1
ssdeep: 1536:Upr+lgOZJltE0jFciX8TWaMLDd449EmOmKaKTKa0vje5FuNnouy8JMJ:5gOZi0GWaWZ9X9HAFaoutJMJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16573011AB2368E42F46A42341E79BAAA0460FD21CC90876F74D53F7F0A71B484E2DD73
sha3_384: 26d28ababe521021df674cd0ba08ed2b49b2c318c40422e6f8434975674d2f1f8636a424ea3511b8cfffc29f2b441171
ep_bytes: 60be00a042008dbe0070fdff5789e58d
timestamp: 2010-12-12 07:24:26

Version Info:

CompanyName: TODO:
FileDescription: TODO:
FileVersion: 1.0.0.1
LegalCopyright: TODO: (c) . All rights reserved.
InternalName: IEKeyword_EXE.exe
OriginalFilename: IEKeyword_EXE.exe
ProductName: TODO:
ProductVersion: 1.0.0.1
Translation: 0x0412 0x03b5 (language ID 0x0412 is Korean and 0x03b5 is code page 949, the Korean ANSI code page; this is the "Korean" resource language flagged in the behaviour list above, and the "TODO:" strings are the untouched Visual Studio version-resource template)
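The File Info block gives you everything needed to confirm that a file you are holding is this sample and to reproduce the "compressed using UPX" and "unknown PE section name" findings without a sandbox. The script below is an added example written for this page, not code from the page's author or from GridinSoft or CAPE: it recomputes the listed digests, walks the PE headers to read the build timestamp, section names and the first 16 bytes at the entry point, and flags the classic UPX decompressor prologue (60 = pushad, BE imm32 = mov esi, imm32, which is exactly how the ep_bytes value above starts). Because the real binary is not part of the page, the block builds a constructed stand-in PE carrying the listed ep_bytes, UPX0/UPX1 section names and timestamp; the section layout, the KNOWN_HASHES and KNOWN_EP_BYTES names and the STANDARD_SECTIONS set are the example's own assumptions. Point it at the actual file and every entry in verify_hashes() should come back True; for the constructed image they are all False, which is the intended result.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Digests quoted in the File Info block on this page (the real sample is not on the page).
KNOWN_HASHES = {
    "crc32": "5E5441EE",
    "md5": "31dc30e0eab52f5adb2aff084290b5e4",
    "sha1": "0b3ae35c4e40f9347f9831f82eceaffae6c66aa9",
    "sha256": "7ea82497a01ef4d40e33960c26c974b32c7373875e6870ce34e7af2c8ee1c8ad",
}
KNOWN_EP_BYTES = "60be00a042008dbe0070fdff5789e58d"   # ep_bytes from the File Info block

# Section names a normal MSVC-linked PE carries; anything else is worth a look (assumed list).
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".bss", ".tls", ".pdata", ".CRT"}

def file_hashes(data: bytes) -> dict:
    """Digests in the formats the page uses: crc32 as upper-case hex, the rest lower-case."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }

def verify_hashes(data: bytes, expected: dict) -> dict:
    """name -> True/False for each digest in `expected` (case-insensitive compare)."""
    got = file_hashes(data)
    return {k: got[k].lower() == v.lower() for k, v in expected.items()}

def parse_pe(data: bytes) -> dict:
    """Minimal PE32/PE32+ header walk: build timestamp, entry RVA and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, SymTab ptr, NumSyms, OptHdrSize, Flags
    _machine, n_sections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]          # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint
    sections, off = [], opt_off + opt_size
    for _ in range(n_sections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw_size": raw_size, "raw_ptr": raw_ptr})
        off += 40                                                # IMAGE_SECTION_HEADER size
    return {"pe32plus": magic == 0x20B, "timestamp": timestamp,
            "entry_rva": entry_rva, "sections": sections}

def timestamp_str(pe: dict) -> str:
    """TimeDateStamp rendered the way the page prints it (UTC)."""
    return datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def entry_bytes(data: bytes, pe: dict, count: int = 16) -> bytes:
    """Map AddressOfEntryPoint to a file offset via the section that contains it."""
    for s in pe["sections"]:
        if s["va"] <= pe["entry_rva"] < s["va"] + max(s["vsize"], s["raw_size"]):
            off = s["raw_ptr"] + (pe["entry_rva"] - s["va"])
            return data[off:off + count]
    raise ValueError("entry point lies outside every section")

def packing_indicators(data: bytes, pe: dict) -> dict:
    """The static packing signals CAPE reported for this sample, recomputed from the headers."""
    names = [s["name"] for s in pe["sections"]]
    ep = entry_bytes(data, pe)
    return {
        "upx_sections": any(n.startswith("UPX") for n in names),
        "nonstandard_sections": [n for n in names if n not in STANDARD_SECTIONS],
        # 60 = pushad, BE imm32 = mov esi, imm32: the prologue of the UPX decompression stub
        "upx_entry_stub": ep[:2] == b"\x60\xbe",
        "ep_bytes": ep.hex(),
    }

def build_constructed_pe(ep_stub: bytes, section_names, timestamp: int) -> bytes:
    """CONSTRUCTED test image, not the sample: headers plus one 0x200-byte body per section."""
    e_lfanew, opt_size, align = 0x40, 0xE0, 0x200
    n = len(section_names)
    raw_base = (e_lfanew + 24 + opt_size + 40 * n + align - 1) // align * align
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000 * n)       # entry point = start of the last section
    table, bodies = b"", b""
    for i, name in enumerate(section_names):
        table += struct.pack("<8sIIII", name.encode().ljust(8, b"\0"),
                             align, 0x1000 * (i + 1), align, raw_base + align * i) + b"\0" * 16
        bodies += (ep_stub if i == n - 1 else b"").ljust(align, b"\0")
    img = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew))
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, n, timestamp, 0, 0, opt_size, 0x102)
    img += opt + table
    return bytes(img.ljust(raw_base, b"\0") + bodies)

# Constructed stand-in carrying the page's ep_bytes, UPX section names and build timestamp.
SAMPLE = build_constructed_pe(bytes.fromhex(KNOWN_EP_BYTES), ["UPX0", "UPX1"],
                              int(datetime(2010, 12, 12, 7, 24, 26, tzinfo=timezone.utc).timestamp()))

if __name__ == "__main__":
    pe = parse_pe(SAMPLE)
    print(timestamp_str(pe), packing_indicators(SAMPLE, pe))
    print(verify_hashes(SAMPLE, KNOWN_HASHES))   # all False: this is not the real file
```

Two caveats when running this against a real file: the entry-point stub and the UPX0/UPX1 names only prove the packer, not the family, so a hash match is the only identification that counts; and the 2010 build timestamp is a 32-bit field the author controls, so treat it as a hint rather than evidence.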

Graftor.854708 also known as:

  • Elastic: malicious (moderate confidence)
  • DrWeb: Trojan.DownLoader4.2145
  • MicroWorld-eScan: Gen:Variant.Graftor.854708
  • FireEye: Generic.mg.31dc30e0eab52f5a
  • CAT-QuickHeal: TrojanDownloader.Fosniw.C5
  • ALYac: Gen:Variant.Graftor.854708
  • Cylance: Unsafe
  • Zillya: Downloader.Fosniw.Win32.15681
  • K7AntiVirus: Trojan ( 004edc381 )
  • K7GW: Trojan ( 004edc381 )
  • Cybereason: malicious.0eab52
  • Arcabit: Trojan.Graftor.DD0AB4
  • BitDefenderTheta: AI:Packer.A0A29A301F
  • Cyren: W32/Fosniw.E.gen!Eldorado
  • Symantec: Downloader
  • ESET-NOD32: a variant of Win32/TrojanDownloader.Fosniw.AU
  • APEX: Malicious
  • ClamAV: Win.Trojan.Fosniw-2
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Gen:Variant.Graftor.854708
  • NANO-Antivirus: Trojan.Win32.Dwn.brjyov
  • Avast: Win32:DropperX-gen [Drp]
  • Tencent: Win32.AdWare.Generic.Bujl
  • Ad-Aware: Gen:Variant.Graftor.854708
  • Emsisoft: Gen:Variant.Graftor.854708 (B)
  • Comodo: TrojWare.Win32.Agent.FNA@3os0mb
  • Baidu: Win32.Trojan-Downloader.Fosniw.a
  • VIPRE: Gen:Variant.Graftor.854708
  • TrendMicro: TROJ_AGENT_008606.TOMB
  • McAfee-GW-Edition: BehavesLike.Win32.Dropper.lc
  • Trapmine: malicious.high.ml.score
  • Sophos: Mal/Behav-044
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: AdWare.Generic.twxa
  • Google: Detected
  • Avira: TR/Agent.233472.31
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • GData: Gen:Variant.Graftor.854708
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Win-Trojan/Winsoft31.Gen
  • McAfee: Generic Malware.u!pec
  • MAX: malware (ai score=85)
  • VBA32: Trojan.Scar
  • Malwarebytes: Adware.WindowLivePot
  • TrendMicro-HouseCall: TROJ_AGENT_008606.TOMB
  • Rising: Trojan.IEKeyword!1.6A27 (CLOUD)
  • Yandex: Trojan.GenAsa!0ZWgMw0FVW4
  • Ikarus: Gen.Variant.Cudos
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Dloader.ANW!tr
  • AVG: Win32:DropperX-gen [Drp]
  • Panda: Trj/Genetic.gen
  • CrowdStrike: win/malicious_confidence_60% (W)

How to remove Graftor.854708?

Graftor.854708 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings” (this sample modifies proxy settings and harvests cookies, so resetting the browser is not optional here).
  • Select the affected browser and the options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.