Graftor.951626 removal

Malware Removal

Graftor.951626 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Graftor.951626 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Scheduled file move on reboot detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Hebrew
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Graftor.951626?

File Info:

name: 2824C4048EDD6005722A.mlw
path: /opt/CAPEv2/storage/binaries/b909d8b8f014b7b04874f166ce628b2033c75b4d5a6e66e1c79d13b432949a93
crc32: 2515E1CD
md5: 2824c4048edd6005722a0d13fd5ef859
sha1: b99dfbee4e54b42dc21847f0b85e2f8d6cc2671f
sha256: b909d8b8f014b7b04874f166ce628b2033c75b4d5a6e66e1c79d13b432949a93
sha512: 100a3bc40288986bd707a02b51c76bbbe369024512050007981d634e271188f1add36166f8b98a90a8f1a0c85ca263c9268bcf33546fd28520f4b6af7ba5486a
ssdeep: 12288:SLe6teAkXTGtG6MKXOXVppdBe388usV3BPJDb2uHPe+JyteQ:St0XTwF9OFDdO84DiMPp8X
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T165E40212BB9055B0E5BA277587370E1A84F4BD390536C64F6F30B74EEDB22C06A2536B
sha3_384: 6a917e87931c7d28e8cdf16899e64ee22f5e7304bda194aa57223c93374d340c9cb84d795d0c802b97d2e066222574f7
ep_bytes: 6a706840e44000e80402000033ff57ff
timestamp: 2016-03-21 06:19:50

Version Info:

CompanyName: NirSoft
FileDescription: FolderChangesView
FileVersion: 1.85
InternalName: FolderChangesView
LegalCopyright: Copyright © 2012 - 2016 Nir Sofer
OriginalFilename: FolderChangesView.exe
ProductName: FolderChangesView
ProductVersion: 1.85
Translation: 0x0409 0x04b0

Graftor.951626 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Win32.HLLP.Siggen.54
MicroWorld-eScan: Gen:Variant.Graftor.951626
FireEye: Generic.mg.2824c4048edd6005
ALYac: Gen:Variant.Graftor.951626
Cylance: Unsafe
Zillya: Trojan.Patched.Win32.124406
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0015dce31 )
K7GW: Trojan ( 0015dce31 )
Cybereason: malicious.48edd6
BitDefenderTheta: Gen:NN.ZexaF.34062.R80@aSL0UTlO
Cyren: W32/Patched.GC.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Agent.NFN
ClamAV: Win.Malware.2ceb-9838453-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Graftor.951626
Ad-Aware: Gen:Variant.Graftor.951626
Sophos: ML/PE-A + Troj/Patched-BS
Comodo: Heur.Corrupt.PE@1z141z3
McAfee-GW-Edition: BehavesLike.Win32.Dropper.jc
Emsisoft: Gen:Variant.Graftor.951626 (B)
Ikarus: Trojan.Win32.Patched
GData: Gen:Variant.Graftor.951626
Avira: TR/Patched.Gen
Antiy-AVL: Trojan/Generic.ASMalwFH.4540D95
Arcabit: Trojan.Graftor.DE854A
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C2506375
Acronis: suspicious
McAfee: Packed-FAQ!2824C4048EDD
MAX: malware (ai score=82)
VBA32: Trojan.Fuery
Malwarebytes: Trojan.Injector
APEX: Malicious
Rising: Malware.Heuristic!ET#99% (RDMK:cmRtazqMyNTLbQsbHBcYgFjmNXNv)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Patched.IW!tr
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Graftor.951626?

Graftor.951626 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.