What is “Graftor.944072 (B)”?

Graftor.944072 (B) is flagged as malicious by many antivirus engines (see the detection list below). When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a full scan and cleanup of your PC.
6-day free trial available.

What can Graftor.944072 (B) do? Behaviours reported by the CAPE sandbox for this sample:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Spanish (Modern)
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the HiddenVNC malware family
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
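
The sandbox list above is what CAPE saw; on a real host the same behaviours show up as process, thread and registry telemetry. The following is an added example (not code from the page or from CAPE) that turns four of the listed behaviours (process created from a suspicious location, Windows utilities spawned by it, inter-process injection, Run-key autorun) into rules and runs them over constructed Sysmon-style events. The Sysmon event IDs (1 = ProcessCreate, 8 = CreateRemoteThread, 13 = RegistryEvent value set) are real; the event records, paths and file names are invented for the example.

```python
# Added example (not code from the page or from CAPE): turn the sandbox
# behaviours listed above into host-side detection rules and run them over
# constructed, Sysmon-style events.
import ntpath
import re
from collections import defaultdict

# Sysmon event IDs used below: 1 = ProcessCreate, 8 = CreateRemoteThread,
# 13 = RegistryEvent (value set).
PROCESS_CREATE, CREATE_REMOTE_THREAD, REG_VALUE_SET = 1, 8, 13

# "Created a process from a suspicious location": user-writable paths that
# legitimately installed software rarely runs from.
SUSPICIOUS_DIRS = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|Users\\Public|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE,
)
# "Installs itself for autorun at Windows startup": the classic Run/RunOnce keys.
RUN_KEYS = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# "Uses suspicious command line tools or Windows utilities".
WINDOWS_UTILITIES = {
    "cmd.exe", "powershell.exe", "reg.exe", "schtasks.exe", "rundll32.exe",
    "regsvr32.exe", "wscript.exe", "cscript.exe", "mshta.exe",
}

# Constructed sample telemetry, not real events; paths and names are invented.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\bob\AppData\Local\Temp\adobe_dm.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\bob\AppData\Local\Temp\adobe_dm.exe"},
    {"EventID": 8, "SourceImage": r"C:\Users\bob\AppData\Local\Temp\adobe_dm.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Local\Temp\adobe_dm.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\AdobeDM",
     "Details": r"C:\Users\bob\AppData\Roaming\adobe_dm.exe"},
    {"EventID": 1, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def triage(events):
    """Return (rule, subject_image) pairs; the subject is the process the rule blames."""
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == PROCESS_CREATE:
            image, parent = ev.get("Image", ""), ev.get("ParentImage", "")
            if SUSPICIOUS_DIRS.search(image):
                alerts.append(("process_from_suspicious_location", image))
            # ntpath handles backslash paths even when this runs on Linux.
            if ntpath.basename(image).lower() in WINDOWS_UTILITIES and SUSPICIOUS_DIRS.search(parent):
                alerts.append(("windows_utility_spawned_from_suspicious_location", parent))
        elif eid == CREATE_REMOTE_THREAD:
            # Inter-process injection and process hollowing both surface here.
            alerts.append(("remote_thread_injection", ev.get("SourceImage", "")))
        elif eid == REG_VALUE_SET and RUN_KEYS.search(ev.get("TargetObject", "")):
            alerts.append(("run_key_persistence", ev.get("Image", "")))
    return alerts


def summarize(events):
    """Group alerts by subject so one process tripping several rules stands out."""
    by_subject = defaultdict(list)
    for rule, subject in triage(events):
        by_subject[subject].append(rule)
    return {subject: sorted(rules) for subject, rules in by_subject.items()}


if __name__ == "__main__":
    for subject, rules in summarize(SAMPLE_EVENTS).items():
        print(f"{subject}: {', '.join(rules)}")
```

Any one of these rules fires on benign software now and then (installers run from Temp, debuggers create remote threads); the point of summarize() is that the same image tripping all four is what the sandbox report describes. The "Authenticode signature is invalid" indicator is not covered here because it needs the file on disk; on the host, Get-AuthenticodeSignature against the Image path answers it.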

How to identify Graftor.944072 (B)?

File Info:

name: CD228BBEE65A4424CAE9.mlw
path: /opt/CAPEv2/storage/binaries/5704b316c4bc8c220d40d9e8c2a3c1a24ec4446112c886e8cdeb3dd8eadb69fd
crc32: 432CC0D7
md5: cd228bbee65a4424cae9330a612f9c42
sha1: 13f9f5aa3d867d12f84c38bde084cf4265c3f125
sha256: 5704b316c4bc8c220d40d9e8c2a3c1a24ec4446112c886e8cdeb3dd8eadb69fd
sha512: 0cff782714c09dde7eb75e5346d08c00bbf38c72b2aa2830dde504cb4e48edc45a8a37e514371047a0356b762aa0529c144d765b30ff7c382bbe74b54def3804
ssdeep: 24576:ru6J33O0c+JY5UZ+XC0kGso6FaI1IXgM6YmenKKSUlmDaGJTA4Pqa6jUvOkQwKYq:Fu0c++OCvkGs9Fap5aLKLkDl+dUvO9Yc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T169A5BE41A3DC82A1CE6A4372BA36DB219B777C692634F70E1ED83D7A3E723521518353
sha3_384: c119ca4cede813b4163255017cdc924da2d011d22f02a76a5d6f5ef2b4fc61dc408513b3cc8cb6d42b4bcd984479ed68
ep_bytes: e8b5d00000e97ffeffffcccccccccccc
timestamp: 2019-03-12 13:38:44

Version Info:

FileDescription: Adobe Download Manager
OriginalFilename: Adobe Download Manager
CompanyName: Adobe Systems Incorporated
FileVersion: ...
LegalCopyright: Copyright 2018 Adobe Incorporated. All rights reserved.
ProductName: Adobe Download Manager
ProductVersion: ...
Translation: 0x0409 0x04b0
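
The hashes in File Info are the simplest way to confirm you are looking at this exact sample. The following is an added example (not code from the page): it streams a file through the same digest set the page lists (crc32, md5, sha1, sha256, sha512, sha3_384), compares the result with those values, and does a cheap MZ/PE header check first. The IOC values are copied from File Info; ssdeep and tlsh are omitted because they need third-party libraries.

```python
# Added example (not part of the original page): compute the hash set listed
# under File Info and compare a file against those IOC values.
import hashlib
import os
import tempfile
import zlib

# Indicators copied from the File Info section of the page.
IOC = {
    "crc32": "432cc0d7",
    "md5": "cd228bbee65a4424cae9330a612f9c42",
    "sha1": "13f9f5aa3d867d12f84c38bde084cf4265c3f125",
    "sha256": "5704b316c4bc8c220d40d9e8c2a3c1a24ec4446112c886e8cdeb3dd8eadb69fd",
    "sha512": "0cff782714c09dde7eb75e5346d08c00bbf38c72b2aa2830dde504cb4e48edc4"
              "5a8a37e514371047a0356b762aa0529c144d765b30ff7c382bbe74b54def3804",
    "sha3_384": "c119ca4cede813b4163255017cdc924da2d011d22f02a76a5d6f5ef2b4fc61dc"
                "408513b3cc8cb6d42b4bcd984479ed68",
}
DIGESTS = ("md5", "sha1", "sha256", "sha512", "sha3_384")


def hash_stream(chunks):
    """Hash an iterable of byte chunks; returns lowercase hex digests keyed like IOC."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    crc = 0
    for chunk in chunks:
        crc = zlib.crc32(chunk, crc)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return result


def hash_bytes(data):
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Stream the file so large binaries do not have to fit in memory."""
    with open(path, "rb") as fh:
        return hash_stream(iter(lambda: fh.read(chunk_size), b""))


def match_ioc(hashes, ioc=IOC):
    """Names of the algorithms whose digest equals the IOC value (case-insensitive)."""
    return sorted(name for name, value in ioc.items()
                  if hashes.get(name, "").lower() == value.lower())


def looks_like_pe(data):
    """MZ header and a 'PE\\0\\0' signature at the e_lfanew offset (bytes 0x3c..0x3f)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


if __name__ == "__main__":
    # Constructed stand-in file (a minimal MZ/PE header, not the real sample).
    sample = b"MZ" + b"\0" * 58 + (0x40).to_bytes(4, "little") + b"PE\0\0"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(sample)
    try:
        with open(tmp.name, "rb") as fh:
            print("PE header:", looks_like_pe(fh.read()))
        digests = hash_file(tmp.name)
        print("matches IOC on:", match_ioc(digests) or "nothing")
    finally:
        os.unlink(tmp.name)
```

A match on any one of these is a byte-exact hit; a miss only tells you the file is not this build, which matters for a sample whose detection names (next section) are mostly generic. Note also that the version resource above claims "Adobe Download Manager" by "Adobe Systems Incorporated" while the sandbox reports the Authenticode signature as invalid, so vendor strings in the resource section are not evidence of origin.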

Graftor.944072 (B) also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.944072
FireEye: Generic.mg.cd228bbee65a4424
CAT-QuickHeal: Trojan.AutoIt.AitInject.ZZ
McAfee: Trojan-AitInject.ak
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Trojan ( 700000111 )
BitDefender: Gen:Variant.Graftor.944072
K7GW: Trojan ( 700000111 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.34182.zqW@auVdLFh
VirIT: Trojan.Win32.Autoit.FU
Cyren: W32/AutoIt.OA.gen!Eldorado
Symantec: Packed.Generic.548
ESET-NOD32: MSIL/Spy.Agent.AES
APEX: Malicious
ClamAV: Win.Dropper.Miner-7086570-0
Kaspersky: Trojan.MSIL.Agent.foqx
NANO-Antivirus: Trojan.Win32.Quasar.foekoa
Rising: Backdoor.XRat!1.D01D (CLASSIC)
Ad-Aware: Gen:Variant.Graftor.944072
Emsisoft: Gen:Variant.Graftor.944072 (B)
Comodo: Backdoor.Win32.QuasarRAT.A@8m6u7h
DrWeb: BackDoor.HVNC.15
TrendMicro: TSPY_TINCLEX.SM1
McAfee-GW-Edition: BehavesLike.Win32.Generic.vh
Sophos: ML/PE-A + Mal/AuItInj-A
Ikarus: Trojan.Autoit
Avira: TR/Spy.Agent.zgvfh
Antiy-AVL: Trojan/Generic.ASCommon.151
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: HEUR:Trojan.MSIL.Quasar.gen
GData: Gen:Variant.Graftor.944072
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/AutoInj.Exp
Acronis: suspicious
ALYac: Gen:Variant.Graftor.944072
MAX: malware (ai score=82)
VBA32: Trojan.Autoit.F
Malwarebytes: Trojan.MalPack.AutoIt
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TSPY_TINCLEX.SM1
Tencent: Malware.Win32.Gencirc.10b0d056
Yandex: Trojan.GenAsa!eJ2W40k2TSg
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Carberp.BU!tr.dldr
AVG: Win32:PWSX-gen [Trj]
Cybereason: malicious.ee65a4
Avast: Win32:PWSX-gen [Trj]

The names agree with the sandbox behaviour: several vendors describe an AutoIt-compiled loader (AitInject, AutoInj, MalPack.AutoIt) that unpacks and injects a .NET (MSIL) payload identified as Quasar/XRat and as HiddenVNC (HVNC), which matches the process-hollowing and HiddenVNC detections above. "Graftor" itself is a generic heuristic family name and says little about what the sample actually does.

How to remove Graftor.944072 (B)?

Graftor.944072 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
