Graftor.915278 removal

Graftor.915278 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Graftor.915278 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • CAPE detected the PCRat malware family

How to identify Graftor.915278?

File Info:

name: 1501053103A1EA7DAD41.mlw
path: /opt/CAPEv2/storage/binaries/9bacd15da92a6c0b10ee3dd06b4de8be5e56d413b068bf63bb58134c5db72d2f
crc32: 96F1AF3C
md5: 1501053103a1ea7dad41582600a0473e
sha1: df7e13af80e116c22121d445aef005abb9453e00
sha256: 9bacd15da92a6c0b10ee3dd06b4de8be5e56d413b068bf63bb58134c5db72d2f
sha512: f21659d0bba81321ac2f2dacc9826db54c704a22a7334915402063b1dee9a89a1a4e28bdfe6df3781d829b206c7f9805cfdec1b98405026aafd5f0497ae5a586
ssdeep: 12288:/rS6Fvb2rG0F0QBscQZmr+9ti8dhZbgBS5+YAmVvf5u1NWLz0Cc:/rS40GQBZlr+jXl5Hpu1N3Cc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1ADF412928B56974DF2F58170573F0AB1EF3BFD98C9B5A73412927E0D0CBB7002986869
sha3_384: 5c05562f77bd7505ccb4f442d544b2eb0849574cac5e560a0010f64c418e0094a0146c79095af9590a67f5b02db23260
ep_bytes: 60be00706d008dbe00a0d2ff5783cdff
timestamp: 2021-12-16 05:12:49

Version Info:

CompanyName:
FileDescription: Page Microsoft 基础类应用程序
FileVersion: 1, 0, 0, 1
InternalName: Page
LegalCopyright: 版权所有 (C) 2004
LegalTrademarks:
OriginalFilename: Page.EXE
ProductName: Page 应用程序
ProductVersion: 1, 0, 0, 1
Translation: 0x0804 0x04b0

Graftor.915278 also known as:

MicroWorld-eScan: Gen:Variant.Graftor.915278
FireEye: Generic.mg.1501053103a1ea7d
ALYac: Gen:Variant.Graftor.915278
Cylance: Unsafe
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.103a1e
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
APEX: Malicious
ClamAV: Win.Trojan.Ag-1
Kaspersky: Backdoor.Win32.Farfli.cbwz
BitDefender: Gen:Variant.Graftor.915278
Avast: Win32:BackdoorX-gen [Trj]
Ad-Aware: Gen:Variant.Graftor.915278
F-Secure: Trojan.TR/Crypt.XPACK.Gen3
DrWeb: BackDoor.Farfli.131
VIPRE: Gen:Variant.Graftor.915278
TrendMicro: TROJ_GEN.R03BC0DG522
McAfee-GW-Edition: GenericRXQX-YT!FEC922183C47
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Graftor.915278 (B)
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Graftor.915278
Jiangmin: Trojan.Macri.dc
Avira: TR/Crypt.XPACK.Gen3
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Backdoor/Win.YT.C5101549
McAfee: Artemis!1501053103A1
MAX: malware (ai score=86)
VBA32: BScope.Backdoor.Farfli
Malwarebytes: Zegost.Backdoor.Stealer.DDS
TrendMicro-HouseCall: TROJ_GEN.R03BC0DG522
Rising: Backdoor.Farfli!8.B4 (CLOUD)
Ikarus: Trojan.Win32.Farfli
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HMVR!tr
AVG: Win32:BackdoorX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Graftor.915278?

Graftor.915278 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.