About “Fragtor.26918 (B)” infection

Fragtor.26918 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Fragtor.26918 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Creates a copy of itself

How to identify Fragtor.26918 (B)?


File Info:

name: 9C7E2C6D7BE63730ADA6.mlw
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Fragtor.26918 (B) also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Fragtor.26918
FireEye: Generic.mg.9c7e2c6d7be63730
ALYac: Gen:Variant.Fragtor.26918
Malwarebytes: Trojan.Crypt.UPX
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
BitDefender: Gen:Variant.Fragtor.26918
K7GW: Trojan ( 005762bf1 )
K7AntiVirus: Trojan ( 0058c5ff1 )
BitDefenderTheta: Gen:NN.ZexaF.34182.XmW@aay45Qe
Cyren: W32/CoinMiner.CQ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.AUY
TrendMicro-HouseCall: TROJ_GEN.R002C0DAS22
Kaspersky: not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner.vho
Alibaba: Malware:Win32/km_280b22.None
Rising: Trojan.Kryptik!1.D238 (CLOUD)
Ad-Aware: Gen:Variant.Fragtor.26918
Emsisoft: Gen:Variant.Fragtor.26918 (B)
Comodo: Packed.Win32.MUPX.Gen@24tbus
DrWeb: Trojan.Packed2.43250
VIPRE: Packer.NSAnti.Gen (v)
TrendMicro: TROJ_GEN.R002C0DAS22
McAfee-GW-Edition: BehavesLike.Win32.Generic.bc
SentinelOne: Static AI – Malicious PE
Sophos: ML/PE-A + Mal/HckPk-A
APEX: Malicious
Avira: TR/Crypt.ULPM.Gen
MAX: malware (ai score=89)
Antiy-AVL: GrayWare/Win32.Kryptik.ffp
Microsoft: Trojan:Win32/Injector.RAQ!MTB
Arcabit: Trojan.Fragtor.D6926
ZoneAlarm: not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner.vho
GData: Gen:Variant.Fragtor.26918
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Gen.RL_Reputation.R365362
McAfee: GenericRXAA-FA!9C7E2C6D7BE6
VBA32: Trojan.Packed
Cylance: Unsafe
Panda: Trj/Genetic.gen
Tencent: Trojan.Win32.Coinminer.yi
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.EAHK!tr
AVG: Win32:CoinminerX-gen [Trj]
Avast: Win32:CoinminerX-gen [Trj]

How to remove Fragtor.26918 (B)?

Fragtor.26918 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
