Graftor.915278 (B) removal tips

Graftor.915278 (B) is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, you are advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Graftor.915278 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • CAPE detected the PCRat malware family

How to identify Graftor.915278 (B)?

File Info:

name: 2DC27DFBC3EF851DC8D8.mlw
path: /opt/CAPEv2/storage/binaries/1afac77f16a01d1247e6000932a4cf4a98d3c62f50b75dc32b0f8c60efbf145a
crc32: 2D475819
md5: 2dc27dfbc3ef851dc8d87352afd8d922
sha1: 3ab02954f9754648114976af8ecd9f5aceaf581b
sha256: 1afac77f16a01d1247e6000932a4cf4a98d3c62f50b75dc32b0f8c60efbf145a
sha512: c7f3020e17f0180502b59c2697dc47cfb917406ed26245f912decc71fcdc489274ed45dbf9d3b7dfb1b4d35e25192537643b30ba059a0fb7fc3c1b84c1d46f7b
ssdeep: 12288:4rS6Fvb2rG0F0QBscQZmr+9ti8dhZbgBS5+YAmVvpWq7AA0Rk5e+wYc:4rS40GQBZlr+jXl5HhWq7AzuBwYc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19FF423A20B45834DF3F181B8921F0A35DF1BFC698BA4573686A7758C1EB63003D86DB9
sha3_384: e0a11f6714e50a465dadda9c2bd1d5a6cd4bef8fa9e87f3361b89803e104a11d53df09bc401ad611a8a4e67b6fcd12e1
ep_bytes: 60be00706a008dbe00a0d5ff5783cdff
timestamp: 2021-12-16 05:12:49

Version Info:

CompanyName:
FileDescription: Page Microsoft 基础类应用程序
FileVersion: 1, 0, 0, 1
InternalName: Page
LegalCopyright: 版权所有 (C) 2004
LegalTrademarks:
OriginalFilename: Page.EXE
ProductName: Page 应用程序
ProductVersion: 1, 0, 0, 1
Translation: 0x0804 0x04b0

Graftor.915278 (B) also known as:

MicroWorld-eScan: Gen:Variant.Graftor.915278
ClamAV: Win.Trojan.Ag-1
FireEye: Generic.mg.2dc27dfbc3ef851d
McAfee: GenericRXQX-YT!B063F77E3209
Cylance: Unsafe
VIPRE: Gen:Variant.Graftor.915278
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.bc3ef8
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: Backdoor.Win32.Farfli.ccxp
BitDefender: Gen:Variant.Graftor.915278
Avast: Win32:BackdoorX-gen [Trj]
Ad-Aware: Gen:Variant.Graftor.915278
Emsisoft: Gen:Variant.Graftor.915278 (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen3
DrWeb: BackDoor.Farfli.131
Zillya: Backdoor.Farfli.Win32.12530
TrendMicro: TROJ_GEN.R011C0DHG22
McAfee-GW-Edition: GenericRXQX-YT!B063F77E3209
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI - Suspicious PE
GData: Gen:Variant.Graftor.915278
Jiangmin: Trojan.Macri.dc
Avira: TR/Crypt.XPACK.Gen3
Antiy-AVL: Trojan/Generic.ASMalwS.26E9
Kingsoft: Win32.Heur.KVM007.a.(kcloud)
Arcabit: Trojan.Graftor.DDF74E
ZoneAlarm: Backdoor.Win32.Farfli.ccxp
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Backdoor/Win.YT.C5101549
ALYac: Gen:Variant.Graftor.915278
MAX: malware (ai score=89)
VBA32: BScope.Backdoor.Farfli
Malwarebytes: Zegost.Backdoor.Stealer.DDS
TrendMicro-HouseCall: TROJ_GEN.R011C0DHG22
Rising: Backdoor.Farfli!8.B4 (TFE:dGZlOgVX9qtLhDew4g)
Ikarus: Trojan.Win32.Farfli
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HMVR!tr
AVG: Win32:BackdoorX-gen [Trj]
Panda: Trj/GdSda.A

How to remove Graftor.915278 (B)?

Graftor.915278 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
