Should I remove “Graftor.876623 (B)”?

Graftor.876623 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Graftor.876623 (B) virus do?

  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to delete volume shadow copies
  • Deletes its original binary from disk
  • Exhibits behavior characteristic of Alphacrypt/Teslacrypt ransomware
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Writes a potential ransom message to disk
  • Creates a hidden or system file
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

Related domains:

dustywinslow.com
dongxinh.com
iglesiaelrenacer.com
lovemydress.pl
mhomeusa.com
clothdiapersexpert.com

How to identify Graftor.876623 (B)?

File Info:

crc32: E54991D2
md5: 4fcc3450eb59ae260688ef3a442ababa
name: 4FCC3450EB59AE260688EF3A442ABABA.mlw
sha1: 99ba0adb91fefb6a97818c2ea98e57ae5f622bde
sha256: 4055b39928a8d30d5a12dea31cdd6181eb0255576a5de454861d4130fe6513b4
sha512: 9a12e2968f4a6a8f6f597d73c44a650f8ba8b91e4f0030494ea3317e45a042aa6cb92f31e2eba90cf6c0417b85e7dc5bdc7163ab79636c5994e2cbd39d1af3cc
ssdeep: 3072:U5KS4guAGY2j4muYBzMXuXZ7+LXOXhNjYQrSkKvZ6nXYM4i32KS1CmTRpAC5f:G3m+WVYQrYvGYM4i3271CgXA4
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Graftor.876623 (B) also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 0055e3ef1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.3981
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Graftor.876623
Cylance: Unsafe
Zillya: Trojan.Bitman.Win32.3416
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_80% (D)
Alibaba: Trojan:Win32/Starter.ali2000005
K7GW: Trojan ( 0055e3ef1 )
Cybereason: malicious.0eb59a
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Filecoder.TeslaCrypt.I
APEX: Malicious
Avast: Win32:Mutex-I [Trj]
ClamAV: Win.Ransomware.Teslacrypt-7344116-0
Kaspersky: Trojan-Ransom.Win32.Bitman.jiv
BitDefender: Gen:Variant.Graftor.876623
NANO-Antivirus: Trojan.Win32.Bitman.eiyabp
MicroWorld-eScan: Gen:Variant.Graftor.876623
Tencent: Win32.Trojan.Bitman.Piau
Ad-Aware: Gen:Variant.Graftor.876623
Sophos: Mal/Generic-S
BitDefenderTheta: Gen:NN.ZexaF.34126.puW@ayhDJsf
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_CRYPTESLA.F116KS
McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
FireEye: Generic.mg.4fcc3450eb59ae26
Emsisoft: Gen:Variant.Graftor.876623 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.ndee
eGambit: Unsafe.AI_Score_98%
Antiy-AVL: Trojan/Generic.ASMalwS.172CAC3
Microsoft: Ransom:Win32/Tescrypt.T
Arcabit: Trojan.Graftor.DD604F
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Graftor.876623
McAfee: GenericRXFC-NV!4FCC3450EB59
MAX: malware (ai score=85)
VBA32: SScope.TrojanRansom.Filecoder
Malwarebytes: Malware.AI.3501696827
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom_CRYPTESLA.F116KS
Rising: Trojan.Generic@ML.100 (RDML:wFpUWkataSA61RSKRfOYaA)
Yandex: Trojan.Bitman!XzWgsIoEp9U
Ikarus: Trojan-Ransom.TeslaCrypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.2240!tr
AVG: Win32:Mutex-I [Trj]
Paloalto: generic.ml

How to remove Graftor.876623 (B)?

Graftor.876623 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.