Malware

Fragtor.125893 information

Malware Removal

The Fragtor.125893 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Fragtor.125893 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Tries to unhook or modify Windows functions monitored by Cuckoo

How to determine Fragtor.125893?


File Info:

name: 7C5BE7ADAA059A4FCE27.mlw
path: /opt/CAPEv2/storage/binaries/9092fe10f3424c25e5fe44892eb2fc24eea77d308ddbf38dda33cf4fe76b3176
crc32: 843BE0C7
md5: 7c5be7adaa059a4fce2753062b68cf66
sha1: 11697f7d410ac71e6409f85de70fe3bdc4981dc5
sha256: 9092fe10f3424c25e5fe44892eb2fc24eea77d308ddbf38dda33cf4fe76b3176
sha512: b8080caee2f8cdc5b234c2a55ee1195d47e2a20ca9e8cf87cbb0a9617a78aa63172facdc9faf33e5be1055544dad08202415436f791ebb4b37747c448164f3f3
ssdeep: 98304:Nl1AwBMWTYfnlfF8KRIDpnJ3V2Zyj13e1Av+V8FSrNJBAUZL+1:afaVEgKJVy1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BF36AF12F042C072D51E19B0567B9B395D788F920E28CD83E7E4FDB6AD37A319B2621D
sha3_384: 14ff8ad17f6be019ba09226d7a8ea6b9a1dfbd591e2efa1ae7dd02a19094bf3fa60b5062e1a461ba774b35ee16ca3506
ep_bytes: 558bec6aff681062880068c882490064
timestamp: 2022-04-30 10:44:54

Version Info:

FileVersion: 1.8.8.8
FileDescription: 掉宝率+100%
ProductName: 魔晶
ProductVersion: 1.8.8.8
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Fragtor.125893 also known as:

BkavW32.AIDetect.malware1
LionicTrojan.Win32.Generic.lwoF
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Fragtor.125893
FireEyeGeneric.mg.7c5be7adaa059a4f
ALYacGen:Variant.Fragtor.125893
CylanceUnsafe
K7AntiVirusTrojan ( 005246d51 )
K7GWTrojan ( 005246d51 )
Cybereasonmalicious.d410ac
CyrenW32/S-480dd005!Eldorado
SymantecML.Attribute.HighConfidence
tehtrisGeneric.Malware
ESET-NOD32a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEXMalicious
Paloaltogeneric.ml
ClamAVWin.Malware.Generic-9820446-0
KasperskyUDS:Trojan.Win32.Bingoml.gen
BitDefenderGen:Variant.Fragtor.125893
AvastWin32:Malware-gen
Ad-AwareGen:Variant.Fragtor.125893
EmsisoftGen:Variant.Fragtor.125893 (B)
ComodoWorm.Win32.Dropper.RA@1qraug
VIPREGen:Variant.Fragtor.125893
McAfee-GW-EditionBehavesLike.Win32.Generic.rh
Trapminemalicious.high.ml.score
SophosGeneric PUA BB (PUA)
SentinelOneStatic AI – Malicious PE
GDataWin32.Trojan.PSE.1DNV50E
Antiy-AVLTrojan/Win32.FlyStudio.a
ArcabitTrojan.Fragtor.D1EBC5
ZoneAlarmUDS:Trojan.Win32.Bingoml.gen
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 100)
AhnLab-V3Malware/Win.Generic.C5217912
McAfeeArtemis!7C5BE7ADAA05
MAXmalware (ai score=86)
MalwarebytesTrojan.MalPack.FlyStudio
TrendMicro-HouseCallTROJ_GEN.R002H0CH122
RisingTrojan.Bingoml!8.1226A (CLOUD)
MaxSecureDropper.Dinwod.frindll
FortinetW32/CoinMiner.65CA!tr
BitDefenderThetaGen:NN.ZexaF.34582.@t0@aGMf5dcb
AVGWin32:Malware-gen
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Fragtor.125893?

Fragtor.125893 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment