Fragtor.170664 (file analysis)

Fragtor.170664 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Fragtor.170664 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Binary file triggered multiple YARA rules
  • Attempts to modify proxy settings
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Fragtor.170664?

File Info:

name: 3C25AAE62B21CFD94C5F.mlw
path: /opt/CAPEv2/storage/binaries/85a8ec179a4f0f84289340f39d4215b658991fb8780c315a245fead1010d02e6
crc32: 87501EB0
md5: 3c25aae62b21cfd94c5f765e0277b6d5
sha1: 01860ed8043f0b472d569c5bcaa668dd8e5c9eb6
sha256: 85a8ec179a4f0f84289340f39d4215b658991fb8780c315a245fead1010d02e6
sha512: 2d2270fc48f9440a7ace0b377ffc90a1a0e1b10884f9fbbc49543a009a20dc7ca30dd02f4f629ff6a9896706754ec596fdcd0fc35e0051da9504b53511e2086f
ssdeep: 98304:lbX/80lG4AWIaLJBAUZLWfG6T6F9628sPyYFivvKncMpzJOP02L49:BCmJVye6z28whivV02c9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15C66F103F24184F2E521167141B31B3AAE79DE665F35CA83A7D4FE692D73362E72600E
sha3_384: 0f77e433537108663a020faa6d5f179490f87181f48eeba765f439e891b8882c6726754fc207fdbdd66b9b05e85161b3
ep_bytes: 558bec6aff68d03e6e0068245b520064
timestamp: 2022-11-27 02:13:09

Version Info:

FileVersion: 1.0.0.0
FileDescription: 易语言程序
ProductName: Osean
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Fragtor.170664 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoad4.15026
MicroWorld-eScan: Gen:Variant.Fragtor.170664
FireEye: Generic.mg.3c25aae62b21cfd9
Skyhigh: BehavesLike.Win32.Generic.vc
McAfee: Artemis!3C25AAE62B21
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Trojan.Win32.Save.BlackMoon
K7AntiVirus: Trojan ( 005246d51 )
Alibaba: TrojanDropper:Win32/Genric.883a4a26
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.62b21c
BitDefenderTheta: Gen:NN.ZexaF.36802.@t0@aaQetBeH
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX: Malicious
TrendMicro-HouseCall: TROJ_GEN.R002H0CBA24
ClamAV: Win.Dropper.Tiggre-9845940-0
BitDefender: Gen:Variant.Fragtor.170664
Avast: Win64:RATX-gen [Trj]
Rising: Rootkit.Agent!1.E3AE (CLASSIC)
Emsisoft: Gen:Variant.Fragtor.170664 (B)
Google: Detected
VIPRE: Gen:Variant.Fragtor.170664
Sophos: Generic Reputation PUA (PUA)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan.Diztakun.asj
Varist: W32/Agent.EW.gen!Eldorado
MAX: malware (ai score=85)
Antiy-AVL: RiskWare/Win32.FlyStudio.a
Microsoft: Trojan:Win32/Wacatac.A!ml
Xcitium: TrojWare.Win32.TrojanDropper.Agent.HNMS@4xnjpy
Arcabit: Trojan.Fragtor.D29AA8
GData: Win32.Trojan.PSE.1H6ZYWO
Cynet: Malicious (score: 100)
Acronis: suspicious
VBA32: BScope.Trojan.Wacatac
ALYac: Gen:Variant.Fragtor.170664
Cylance: unsafe
Ikarus: Trojan.Win32.Agent
MaxSecure: Dropper.Dinwod.frindll
Fortinet: W32/CoinMiner.PHP!tr
AVG: Win64:RATX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)
alibabacloud: Trojan.Win.Tiggre.a18697a6

How to remove Fragtor.170664?

Fragtor.170664 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.