About “Graftor.858453 (B)” infection

Graftor.858453 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Graftor.858453 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • A named pipe was used for inter-process communication
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to modify desktop wallpaper
  • Created a process from a suspicious location
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system

How to identify Graftor.858453 (B)?

File Info:

name: 9D7A093D2B9014751CAF.mlw
path: /opt/CAPEv2/storage/binaries/944afbad8979c0bae7b53c992c1327b21e72461e01c963486810ac91b223422b
crc32: 79457399
md5: 9d7a093d2b9014751caff12900ef84b4
sha1: d6a34120ecee7de41feee0424591027695286cf4
sha256: 944afbad8979c0bae7b53c992c1327b21e72461e01c963486810ac91b223422b
sha512: 3529fb78a1a2fa42cfdbcb84f22a9a8bfb5214198bf077cee9476d0e1047324d57e2ac095e8d2199e9ccd76b44ef02fe0caf797336f7186d2651554cc87291fb
ssdeep: 24576:7oRXQlFED4/MQBohc9JTlRcZWM4TGX5q6TqFzjrUtrGLIrjYlfg+yrnyXjUpLGfW:7vE0oaxRcZW1Gs75jrcrcIefg9GwpL3V
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D27533262E4DACE1FD1FB5F4169BB1C45A342418736811FBA96FF45CDC0BCDA60209AB
sha3_384: 6d4179b0c448f04a7e5f22de904526cb4ceae1ea2a09534b24bf334ef23f1e418968129890916c8ab2498e4ba3aeb1b1
ep_bytes: 60be006046008dbe00b0f9ff57eb0b90
timestamp: 2020-04-20 08:27:23

Version Info (as embedded in the sample; note that its Authenticode signature is reported invalid above):

Comments: https://fastcopy.jp
CompanyName: FastCopy Lab, LLC.
FileDescription: FastCopy
FileVersion: 4.0.4.0
InternalName: FastCopy
LegalCopyright: Copyright (C) 2004-2022 SHIROUZU Hiroaki and FastCopy Lab, LLC. All rights reserved.
OriginalFilename: FastCopy.exe
ProductName: FastCopy
ProductVersion: 4.0.4.0
Translation: 0x0411 0x04b0

Graftor.858453 (B) also known as:

Lionic: Trojan.Win32.Graftor.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.858453
FireEye: Generic.mg.9d7a093d2b901475
ALYac: Gen:Variant.Graftor.858453
Cylance: Unsafe
Sangfor: Trojan.Script.Phonzy.C
K7AntiVirus: Adware ( 005071f51 )
BitDefender: Gen:Variant.Graftor.858453
K7GW: Adware ( 005071f51 )
Cybereason: malicious.d2b901
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Wacatac-9818389-0
Ad-Aware: Gen:Variant.Graftor.858453
Sophos: Mal/Generic-S
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
Emsisoft: Gen:Variant.Graftor.858453 (B)
Jiangmin: Trojan.Agent.cocc
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASMalwS.3069C19
Microsoft: Trojan:Script/Phonzy.C!ml
Gridinsoft: Ransom.Win32.Miner.sa
GData: Gen:Variant.Graftor.858453
AhnLab-V3: Trojan/Win32.CoinMiner.R335459
BitDefenderTheta: Gen:NN.ZexaF.34212.MnNfaiFxxvhH
VBA32: BScope.Trojan.Witch
Malwarebytes: Malware.AI.4123723563
SentinelOne: Static AI – Malicious PE
Fortinet: W32/CoinMiner.858453!tr
AVG: Win32:TrojanX-gen [Trj]
Avast: Win32:TrojanX-gen [Trj]

How to remove Graftor.858453 (B)?

Graftor.858453 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
