Graftor.866187 (B) removal

Graftor.866187 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Graftor.866187 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Graftor.866187 (B)?

File Info:

name: 49B28A45C92E01851E9B.mlw
path: /opt/CAPEv2/storage/binaries/f619b54bc388b88a3484466e86e35b12502de0b2bee1bf599df2b54c7ea00bc5
crc32: BEB82DDA
md5: 49b28a45c92e01851e9b61c6800c2574
sha1: e2b87975ddd050b065ff22bb2a7d37d2f606c506
sha256: f619b54bc388b88a3484466e86e35b12502de0b2bee1bf599df2b54c7ea00bc5
sha512: c1b02bcfe98e6201e64359c0b5632917d5a49b0841efd0b2ace6617382d975e58609c38da788bd93d6493f8e57b0460de525a976d01eb9781eac675e0450d955
ssdeep: 3072:wvHvh3qYV72xnA816MsJHltHkLUfkW7B9ooNbeFhKA9bu:2h39SnA816MsJF9dfR7B9ooECoC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T143D31226C694C8A3F75B6CB152ECD0B79B2D744DC4DBD916690F0F136E207B02BEA128
sha3_384: 14bf733fdb5e87639a03eac2fd19a02db9c06a3e6356059e8673d9ecf837ab976bea2c12becb2e055ea388121a740262
ep_bytes: 60be151041008dbeebfffeff57eb0b90
timestamp: 2004-10-23 06:53:50

Version Info:

CompanyName: Xfdqbka Ecxgkhsv
FileDescription: Xfdqbka Bdwieft Bisjlixtog
FileVersion: 79,9,110,6
InternalName: Xfdqbka
LegalCopyright: Copyright © Xfdqbka Ecxgkhsv 1995-2010
OriginalFilename: Xfdqbka.exe
ProductName: Xfdqbka Bdwieft Bisjlixtog
ProductVersion: 54,121,10,5
Translation: 0x0409 0x04e4

Graftor.866187 (B) also known as:

Bkav: W32.MosquitoQKK.Fam.Trojan
Lionic: Trojan.Win32.Generic.llJM
ClamAV: Win.Worm.Kolab-688
FireEye: Generic.mg.49b28a45c92e0185
CAT-QuickHeal: Worm.SlenfBot.Gen
McAfee: W32/Pinkslipbot.gen.af
Cylance: Unsafe
Zillya: Worm.Kolab.Win32.6035
Sangfor: Trojan.Win32.Bagsu.rfn
K7AntiVirus: Trojan ( f1000f011 )
Alibaba: TrojanPSW:Win32/Kryptik.a2ef02c5
K7GW: Trojan ( f1000f011 )
Cybereason: malicious.5c92e0
BitDefenderTheta: Gen:NN.ZexaF.34212.imLfaSOa@edc
VirIT: Trojan.Win32.Generic.BOCI
Cyren: W32/Zbot.CN.gen!Eldorado
Symantec: W32.Qakbot!gen5
ESET-NOD32: a variant of Win32/Kryptik.LDY
TrendMicro-HouseCall: BKDR_QAKBOT.SMG
Cynet: Malicious (score: 99)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Graftor.866187
NANO-Antivirus: Trojan.Win32.Kolab.haynj
SUPERAntiSpyware: Trojan.Agent/Gen-Cryptic
MicroWorld-eScan: Gen:Variant.Graftor.866187
Avast: Win32:DangerousSig [Trj]
Tencent: Malware.Win32.Gencirc.1169d082
Ad-Aware: Gen:Variant.Graftor.866187
Emsisoft: Gen:Variant.Graftor.866187 (B)
Comodo: TrojWare.Win32.TrojanSpy.Zbot.G@2tckk5
DrWeb: Trojan.PWS.Panda.641
VIPRE: Backdoor.Win32.Qakbot.ax (v)
TrendMicro: BKDR_QAKBOT.SMG
McAfee-GW-Edition: W32/Pinkslipbot.gen.af
SentinelOne: Static AI – Malicious PE
Sophos: Mal/Generic-R + Mal/FakeAV-BW
APEX: Malicious
GData: Gen:Variant.Graftor.866187
Jiangmin: Worm/Kolab.gwq
Webroot: W32.Malware.Gen
Avira: TR/Crypt.ULPM.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.FC2435
Arcabit: Trojan.Graftor.DD378B
ViRobot: Trojan.Win32.A.Zbot.139912
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot!ZA
AhnLab-V3: Trojan/Win32.Zbot.R3226
ALYac: Gen:Variant.Graftor.866187
MAX: malware (ai score=100)
VBA32: Trojan.Zeus.EA.0999
Rising: Trojan.Bagsu!8.3B1 (CLOUD)
Yandex: Trojan.GenAsa!ttDYgHsfigg
Ikarus: Trojan-PWS.Win32.Zbot
eGambit: Generic.PSW
Fortinet: W32/Kryptik.NAS!tr
AVG: Win32:DangerousSig [Trj]
Panda: Bck/Qbot.AO
MaxSecure: Adware.not.a.virus.WIN32.AdWare.Generic_187595

How to remove Graftor.866187 (B)?

Graftor.866187 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
