Graftor

By ESGI Advisor in Trojans

Threat Scorecard

Ranking:	6,644
Threat Level:	80 % (High)
Infected Computers:	62,196

First Seen:	October 13, 2011
Last Seen:	October 2, 2023
OS(es) Affected:	Windows

Graftor is a Trojan, which masquerades as a genuine software application. Graftor aims at connecting to the web and contacting lots of remote servers without the victim's consent and knowledge, potentially to get instructional commands from the cybercriminal, or to distribute other malware infections. Graftor connects to a remote server without the computer user's awareness. Graftor generates an invisible folder (C:\addons) and copies itself there. Graftor generates a new directory named "Programas21". Graftor disables PC user's ability to cancel Graftor's connection to the web.

Table of Contents

SpyHunter Detects & Remove Graftor

File System Details

Graftor may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	svrupg.exe	1b69c9bcc5358d9a98e4aa7707ffd8f7	2,044
Name: svrupg.exe MD5: 1b69c9bcc5358d9a98e4aa7707ffd8f7 Size: 2.76 MB (2767872 bytes) Detections: 2,044 Type: Executable File Path: C:\Windows\system32\config\systemprofile\AppData\Roaming\svrupg.exe Group: Malware file Last Updated: October 11, 2022
2.	klcUpd.dll	94ddc69fced08a6ed5d735027e815ec4	1,141
Name: klcUpd.dll MD5: 94ddc69fced08a6ed5d735027e815ec4 Size: 328.19 KB (328192 bytes) Detections: 1,141 Type: Dynamic link library Path: C:\Program Files (x86)\Kilchwobigh\klcUpd.dll Group: Malware file Last Updated: December 13, 2021
3.	conhost.exe	60f7cb231a831ca5cda342020a5208ce	1,031
Name: conhost.exe MD5: 60f7cb231a831ca5cda342020a5208ce Size: 1.26 MB (1265152 bytes) Detections: 1,031 Type: Executable File Path: C:\Windows\Temp\04095\conhost.exe Group: Malware file Last Updated: June 22, 2022
4.	service.exe	29b4d30fc9fe15bf410632820e0e2e9d	317
Name: service.exe MD5: 29b4d30fc9fe15bf410632820e0e2e9d Size: 1.73 MB (1738240 bytes) Detections: 317 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: June 4, 2016
5.	service72564.exe	50dd9fc789764106482cb82826b34db4	92
Name: service72564.exe MD5: 50dd9fc789764106482cb82826b34db4 Size: 1.93 MB (1936896 bytes) Detections: 92 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: March 30, 2020
6.	service90132.exe	2915096fb3ccada63b983f9c68515bc8	75
Name: service90132.exe MD5: 2915096fb3ccada63b983f9c68515bc8 Size: 1.93 MB (1936896 bytes) Detections: 75 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: March 30, 2020
7.	conhost.exe	e94b741bb1172f5284157a0f2ac7bf80	67
Name: conhost.exe MD5: e94b741bb1172f5284157a0f2ac7bf80 Size: 1.6 MB (1608704 bytes) Detections: 67 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: April 19, 2016
8.	winupd32cfg.exe	c78924cc0e6b440b5460f04f4aaf17d1	63
Name: winupd32cfg.exe MD5: c78924cc0e6b440b5460f04f4aaf17d1 Size: 89.48 KB (89484 bytes) Detections: 63 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\959403039485030\winupd32cfg.exe Group: Malware file Last Updated: April 27, 2022
9.	svrupg.exe	fb4d15c19382f549b0735aae24cad95a	28
Name: svrupg.exe MD5: fb4d15c19382f549b0735aae24cad95a Size: 2.76 MB (2767360 bytes) Detections: 28 Type: Executable File Path: %WINDIR%\system32\config\systemprofile\AppData\Roaming Group: Malware file Last Updated: April 8, 2016
10.	svrupg.exe	9736f01415c8ff5c1a0b14c54cdc802e	15
Name: svrupg.exe MD5: 9736f01415c8ff5c1a0b14c54cdc802e Size: 2.76 MB (2767360 bytes) Detections: 15 Type: Executable File Path: %WINDIR%\SysWOW64\config\systemprofile\AppData\Roaming Group: Malware file Last Updated: April 8, 2016
11.	svrupg.exe	f0c179316ccfc4ad54287fbb6e8b99bf	11
Name: svrupg.exe MD5: f0c179316ccfc4ad54287fbb6e8b99bf Size: 2.76 MB (2767872 bytes) Detections: 11 Type: Executable File Path: %WINDIR%\system32\config\systemprofile\AppData\Roaming Group: Malware file Last Updated: April 8, 2016
12.	gAC93.tmp.exe	b7f5f8489ce01c4b11ac530f24b07555	7
Name: gAC93.tmp.exe MD5: b7f5f8489ce01c4b11ac530f24b07555 Size: 151.55 KB (151552 bytes) Detections: 7 Type: Executable File Path: C:\Windows\Temp\gAC93.tmp.exe Group: Malware file Last Updated: April 23, 2022
13.	20d19e546d1f3082e70434b98145cc8c.exe	26ca0dfcfde6b929d4385b6c1ba6c71f	7
Name: 20d19e546d1f3082e70434b98145cc8c.exe MD5: 26ca0dfcfde6b929d4385b6c1ba6c71f Size: 818.68 KB (818688 bytes) Detections: 7 Type: Executable File Path: %PROGRAMFILES%\22cc3ef3650630662937132a51b94f7c Group: Malware file Last Updated: July 3, 2018
14.	msdtabc.exe	53371ed43ea4d4b1a3401fa3f641766e	5
Name: msdtabc.exe MD5: 53371ed43ea4d4b1a3401fa3f641766e Size: 1.3 MB (1308655 bytes) Detections: 5 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: January 18, 2023
15.	g7F7E.tmp	9ba21c15300e32df90c27c6a3d808888	5
Name: g7F7E.tmp MD5: 9ba21c15300e32df90c27c6a3d808888 Size: 1.72 MB (1721856 bytes) Detections: 5 Type: Temporary File Path: C:\Windows\Temp\g7F7E.tmp Group: Malware file Last Updated: June 3, 2022
16.	service.exe	e1de11c2ab6cef8f4c716ea8d28455d5	1
Name: service.exe MD5: e1de11c2ab6cef8f4c716ea8d28455d5 Size: 1.8 MB (1803264 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: March 9, 2016
17.	service.exe	cf91f6d4e312e58953352480776b391f	1
Name: service.exe MD5: cf91f6d4e312e58953352480776b391f Size: 1.79 MB (1792512 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: March 9, 2016
18.	service.exe	a10fe1bb15a5c2f29f55b8338140acfd	1
Name: service.exe MD5: a10fe1bb15a5c2f29f55b8338140acfd Size: 1.74 MB (1746432 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: March 9, 2016
19.	service.exe	96c42dedbc807b388d45057b06b3354e	1
Name: service.exe MD5: 96c42dedbc807b388d45057b06b3354e Size: 1.83 MB (1836477 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: March 9, 2016
20.	msiqljp.exe	0566e2efd6b6f189c2cf9a44ebc417de	1
Name: msiqljp.exe MD5: 0566e2efd6b6f189c2cf9a44ebc417de Size: 46.26 KB (46260 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: March 23, 2016
21.	mspop.exe	fc94be08929d34974706d6aa5727e133	1
Name: mspop.exe MD5: fc94be08929d34974706d6aa5727e133 Size: 1.88 MB (1888256 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: March 9, 2016
22.	service.exe	8d99bbc5ef76f7327829f80a15f21f62	1
Name: service.exe MD5: 8d99bbc5ef76f7327829f80a15f21f62 Size: 1.76 MB (1762304 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: March 9, 2016
23.	mspop.exe	1ea9632607d8e6ba9d605bdec71a8ef6	1
Name: mspop.exe MD5: 1ea9632607d8e6ba9d605bdec71a8ef6 Size: 2.01 MB (2012672 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\Application Data Group: Malware file Last Updated: March 9, 2016
24.	service.exe	944dcf24ba9478f43ba2ef780e4c2ef8	1
Name: service.exe MD5: 944dcf24ba9478f43ba2ef780e4c2ef8 Size: 1.79 MB (1792512 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: March 9, 2016
25.	service.exe	8d607c220c1f87319c0bc7da9b5f60c0	1
Name: service.exe MD5: 8d607c220c1f87319c0bc7da9b5f60c0 Size: 1.79 MB (1792512 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE% Group: Malware file Last Updated: March 9, 2016
26.	\arquivo.exe
Name: \arquivo.exe Type: Executable File Group: Malware file
27.	\.exe.
Name: \.exe. Group: Malware file
28.	file.exe	8c41658cce6316328ef4dfd60c39c790	0
Name: file.exe MD5: 8c41658cce6316328ef4dfd60c39c790 Size: 862.2 KB (862208 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 2, 2016
29.	name.exe	540f9456415ec88e2ab9f5ac635d28e7	0
Name: name.exe MD5: 540f9456415ec88e2ab9f5ac635d28e7 Size: 738.3 KB (738304 bytes) Detections: 0 Type: Executable File Path: dir Group: Malware file Last Updated: September 19, 2017
30.	file.exe	f1b35868d5525248b1b6bfefb8588e14	0
Name: file.exe MD5: f1b35868d5525248b1b6bfefb8588e14 Size: 593.92 KB (593920 bytes) Detections: 0 Type: Executable File Group: Malware file

More files

Registry Details

Graftor may create the following registry entry or registry entries:

Regexp file mask

%ALLUSERSPROFILE%\msiql.exe

%ALLUSERSPROFILE%\Windows Update\svrupg.exe

%APPDATA%\svrupg.exe

%LOCALAPPDATA%\fupdate\fupdate.exe

%LOCALAPPDATA%\vfVirtualFishnet.exe

%USERPROFILE%\Local Settings\Application Data\fupdate\fupdate.exe

HKEY..\..\..\..{RegistryKeys}

"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"http://bashcontrolilimited.tecnologiaovh.com" =

"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"http://187.109.161.62/index1.php" = "AutoConfigURL"

"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"http://fitness.poxyport.info" = AutoConfigURL"

"AutoConfigUrl"

Directories

Graftor may create the following directory or directories:

%LOCALAPPDATA%\4Adobe\4low

%PROGRAMFILES%\Kilchwobigh

%PROGRAMFILES(x86)%\Kilchwobigh

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Graftor

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Graftor

File System Details

Registry Details

Directories

Submit Comment

Related Posts

Gen:Variant.Graftor.15447

Trending

Hrekyu.com

News-central.org

'Avalanche' Gang Blamed for Most Online Phishing...

Most Viewed

Is Lookmovie.io Safe?

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error