
Dropped:Trojan.Agent.FRZV (B) removal tips


Dropped:Trojan.Agent.FRZV (B) is a BitDefender-family detection name (the same string is reported by Emsisoft, FireEye, GData, eScan, Ad-Aware and ALYac in the vendor list below). The "Dropped:" prefix means the verdict was raised on a file the sample writes to disk or extracts, not only on the outer executable; here the outer file carries the version resource of a 7-Zip self-extracting (SFX) installer, yet its Authenticode signature is invalid. While the sample is running you may notice unfamiliar processes in Task Manager, including hidden-window PowerShell instances and processes started from unusual directories, because the sandbox report below records process hollowing, inter-process injection and attempts to disable Windows Defender through PowerShell. If you see these signs, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and, if the wrong files or registry keys are deleted, can damage the system in the process. We recommend using GridinSoft Anti-Malware for removal; it can run a full scan and clean the PC during the trial period.
A 6-day free trial is available.

What can Dropped:Trojan.Agent.FRZV (B) do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Checks for the presence of known windows from debuggers and forensic tools
  • Created a process from a suspicious location
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Attempts to disable Windows Defender
  • Attempts to modify Windows Defender using PowerShell
  • Harvests cookies for information gathering
  • Attempts to execute suspicious powershell command arguments
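Several of the signatures above (a hidden window, suspicious PowerShell arguments, Windows Defender modified through PowerShell, Defender disabled) correspond to things you can hunt for in process-creation or PowerShell script-block logs. The script below is an added example; it is not part of the sandbox report on this page and not GridinSoft's tooling. The command lines it inspects are constructed for illustration and are not the commands this sample actually executed. It decodes -EncodedCommand payloads (powershell.exe also accepts the documented short forms -e, -ec and -enc), flags the evasion switches that usually accompany them, and flags Set-MpPreference/Add-MpPreference calls or reg.exe edits that weaken Microsoft Defender.

```python
import base64
import re
from typing import List, Optional

# Constructed sample process command lines for illustration only; they are NOT
# the commands recorded for the sample described on this page.
SAMPLE_CMDLINES = [
    r'powershell.exe -NoProfile -WindowStyle Hidden -Command "Set-MpPreference -DisableRealtimeMonitoring $true"',
    r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -c "Add-MpPreference -ExclusionPath C:\Users\Public"',
    "powershell -w hidden -enc "
    + base64.b64encode("Set-MpPreference -DisableIOAVProtection $true".encode("utf-16le")).decode("ascii"),
    r'reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f',
    r'powershell.exe -Command "Get-MpComputerStatus"',
    r"cmd.exe /c echo hello",
]

# -EncodedCommand and its documented short forms -e / -ec / -enc, followed by base64.
ENCODED_COMMAND = re.compile(r"(?i)(?:^|\s)-e(?:c|nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]+)")

# Switches that hide the console window, skip the profile or bypass execution policy.
EVASION_FLAGS = re.compile(
    r"(?i)(?:^|\s)-(?:w(?:indowstyle)?\s+hidden|e(?:p|x|xecutionpolicy)\s+bypass|nop(?:rofile)?\b|noni(?:nteractive)?\b)"
)

# Defender preference cmdlets used with a -Disable* switch or to add an exclusion.
DEFENDER_CMDLET = re.compile(r"(?i)\b(?:Set|Add)-MpPreference\b[^|;]*?-(?:Disable\w*|Exclusion\w*)")

# reg.exe writes of the Group Policy values that switch Defender off.
DEFENDER_REGISTRY = re.compile(
    r"(?i)\breg(?:\.exe)?\s+add\b.*?\bDisable(?:AntiSpyware|RealtimeMonitoring|BehaviorMonitoring)\b"
)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand script (UTF-16LE base64), or None."""
    m = ENCODED_COMMAND.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(cmdline: str) -> List[str]:
    """Return the list of finding tags for one process command line."""
    findings: List[str] = []
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        findings.append("encoded-command")
    if EVASION_FLAGS.search(cmdline):
        findings.append("evasion-flags")
    # Defender tampering may sit in the visible arguments or inside the decoded script.
    visible = cmdline if decoded is None else f"{cmdline} {decoded}"
    if DEFENDER_CMDLET.search(visible):
        findings.append("defender-tamper")
    if DEFENDER_REGISTRY.search(visible):
        findings.append("defender-registry-tamper")
    return findings


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print(analyze(line) or "clean", "<-", line[:80])
```

The decoded script is appended to the visible command line before the Defender checks run, so a `-enc` payload that disables IOAV protection is caught the same way as the plain-text form; the registry pattern is anchored on `reg add` so that a `-DisableRealtimeMonitoring` cmdlet parameter is not double-counted as a registry edit.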

How to identify Dropped:Trojan.Agent.FRZV (B)?

File Info:

name: 81859DF95B024F9D4625.mlw
path: /opt/CAPEv2/storage/binaries/b00eab22e3cee89406dccea9bcd6d429e12b4b6c719b379dadb3447a69397aca
crc32: B5E83592
md5: 81859df95b024f9d46259f97ecf0429f
sha1: c388e4d1ec39035efb4659c19060d6dfcc65a8dd
sha256: b00eab22e3cee89406dccea9bcd6d429e12b4b6c719b379dadb3447a69397aca
sha512: 770bb53ea230b63569e384955134b1f8a87eede99770d218ec7f2be9a50856ceb4715ac4633ab9e97dc78a1accfe236dc609bcae60a0477058497d850e64bcff
ssdeep: 196608:xIojQQY7cT8SZ19eTQmAboI1dE1+181MaiupkSR/i4KoYKnw:xdjQQYYvZ1kKoAdA+1WMwkSR/z0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12C7633513FE120FAD8221E309A8476BC99EC23199E5585F773C4A86935BDCA921FF1CC
sha3_384: f763cf635c5f17df6810435f0e28fc8461d53d0bfbc74b0ed2b2cd443b1d4f0a1cbc6ef634d023d8782dd85ff3459b66
ep_bytes: 558bec6aff6898c24100680691410064
timestamp: 2019-02-21 16:00:00
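The hashes above are the most reliable way to confirm that a file on a machine is this exact sample. The script below is an added example, not part of the original page or of GridinSoft's software; it computes the same digests the File Info section lists (crc32, md5, sha1, sha256, sha512, sha3_384) in a single pass over the file and reports which ones match. ssdeep and TLSH are left out because they need third-party libraries, and a match on any single strong hash is already conclusive.

```python
import hashlib
import sys
import zlib
from typing import Dict, Iterable, List

# Hash IOCs copied from the File Info section of this page (lowercased).
IOC_HASHES: Dict[str, str] = {
    "crc32": "b5e83592",
    "md5": "81859df95b024f9d46259f97ecf0429f",
    "sha1": "c388e4d1ec39035efb4659c19060d6dfcc65a8dd",
    "sha256": "b00eab22e3cee89406dccea9bcd6d429e12b4b6c719b379dadb3447a69397aca",
    "sha512": "770bb53ea230b63569e384955134b1f8a87eede99770d218ec7f2be9a50856ceb4715ac4633ab9e97dc78a1accfe236dc609bcae60a0477058497d850e64bcff",
    "sha3_384": "f763cf635c5f17df6810435f0e28fc8461d53d0bfbc74b0ed2b2cd443b1d4f0a1cbc6ef634d023d8782dd85ff3459b66",
}

DIGEST_NAMES = ("md5", "sha1", "sha256", "sha512", "sha3_384")


def hash_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all digests at once; returns lowercase hex strings."""
    digests = {name: hashlib.new(name) for name in DIGEST_NAMES}
    crc = 0
    for chunk in chunks:
        crc = zlib.crc32(chunk, crc)
        for h in digests.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in digests.items()}
    result["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return result


def hash_bytes(data: bytes) -> Dict[str, str]:
    return hash_stream([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in 1 MiB chunks so large droppers do not have to fit in memory."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(chunk_size), b""))


def match_iocs(hashes: Dict[str, str], iocs: Dict[str, str] = IOC_HASHES) -> List[str]:
    """Names of the algorithms whose digest equals the IOC value (case-insensitive)."""
    return sorted(
        name for name, value in iocs.items()
        if hashes.get(name, "").lower() == value.lower()
    )


if __name__ == "__main__":
    for path in sys.argv[1:]:
        hits = match_iocs(hash_file(path))
        print(f"{path}: {'MATCH on ' + ', '.join(hits) if hits else 'no match'}")
```

Run it as `python check_hashes.py suspicious.exe`; a match on md5 alone would be suspicious but not decisive, whereas a sha256 or sha512 match identifies the sample beyond doubt. Note that the reported name `81859DF95B024F9D4625.mlw` is the sandbox's renaming of the file (the first part of the md5), not a name you should expect to find on an infected host.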

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 19.00
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 19.00
Translation: 0x0409 0x04b0

Dropped:Trojan.Agent.FRZV (B) also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Dropped:Trojan.Agent.FRZV
FireEye: Dropped:Trojan.Agent.FRZV
CAT-QuickHeal: Backdoor.Manuscrypt
Cylance: Unsafe
K7AntiVirus: Trojan-Downloader ( 0058d4871 )
K7GW: Trojan-Downloader ( 0058d4871 )
Cybereason: malicious.95b024
Cyren: W32/Kryptik.GAL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
ClamAV: Win.Dropper.Pswtool-9857535-0
Kaspersky: UDS:Trojan-Spy.Win32.Stealer.bbhx
BitDefender: Dropped:Trojan.Agent.FRZV
NANO-Antivirus: Riskware.Win32.PSWTool.hqsnsl
Avast: Win32:DropperX-gen [Drp]
Rising: Trojan.Agent!8.B1E (TFE:dGZlOgUcAGfiOMtN0Q)
Ad-Aware: Dropped:Trojan.Agent.FRZV
Comodo: Malware@#2o8f2q1tb7uai
DrWeb: Trojan.Inject4.24892
TrendMicro: TROJ_GEN.R002C0WAN22
Emsisoft: Dropped:Trojan.Agent.FRZV (B)
Jiangmin: Trojan.Generic.hexic
eGambit: Unsafe.AI_Score_83%
Avira: TR/Downloader.IT
Antiy-AVL: Trojan/Generic.ASMalwS.3510DFE
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Agent.FRZV
GData: Dropped:Trojan.Agent.FRZV
Cynet: Malicious (score: 100)
BitDefenderTheta: Gen:NN.ZexaF.34182.xq0@aeEeo2bj
ALYac: Dropped:Trojan.Agent.FRZV
MAX: malware (ai score=88)
VBA32: Backdoor.Manuscrypt
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: TROJ_GEN.R002C0WAN22
Ikarus: Trojan-Downloader.Win32.Agent
Fortinet: W32/Agent.GBZ!tr.dldr
AVG: Win32:DropperX-gen [Drp]

How to remove Dropped:Trojan.Agent.FRZV (B)?

Dropped:Trojan.Agent.FRZV (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” to quarantine all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

Because this sample tries to disable Windows Defender and change its settings through PowerShell, check after the reboot that real-time protection is back on and that no unexpected settings remain; running Get-MpPreference in an elevated PowerShell window shows the current state.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
