Fragtor.30205 (file analysis)

Fragtor.30205 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Fragtor.30205 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Creates a copy of itself

How to identify Fragtor.30205?

File Info:

name: FFE4692227F6F973409F.mlw
path: /opt/CAPEv2/storage/binaries/9350c1a7e6ad64a4b077030b029a1cf3895d4026851d0f02a602ea9bdcbcd0d9
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Fragtor.30205 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Fragtor.30205
McAfee: GenericRXAA-FA!FFE4692227F6
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Malware:Win32/km_280b22.None
K7GW: Trojan ( 005762bf1 )
K7AntiVirus: Trojan ( 00576fb91 )
Cyren: W32/CoinMiner.CQ.gen!Eldorado
ESET-NOD32: a variant of Win32/Kryptik.HITO
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Ulpm-9869474-0
Kaspersky: not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner.vho
BitDefender: Gen:Variant.Fragtor.30205
NANO-Antivirus: Riskware.Win32.BitCoinMiner.iitabw
Avast: Win32:CoinminerX-gen [Trj]
Tencent: Trojan.Win32.Coinminer.yi
Ad-Aware: Gen:Variant.Fragtor.30205
Sophos: Mal/Generic-R + Mal/HckPk-A
Comodo: Packed.Win32.MUPX.Gen@24tbus
DrWeb: Trojan.Packed2.43250
TrendMicro: TROJ_GEN.R002C0DJ221
McAfee-GW-Edition: BehavesLike.Win32.Generic.bc
FireEye: Gen:Variant.Fragtor.30205
Emsisoft: Gen:Variant.Fragtor.30205 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: RiskTool.BitCoinMiner.uqu
MaxSecure: Trojan.Malware.74654884.susgen
Avira: HEUR/AGEN.1200419
Gridinsoft: Ransom.Win32.Miner.sa
Microsoft: Trojan:Win32/Injector.RAQ!MTB
GData: Gen:Variant.Fragtor.30205
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Gen.RL_Reputation.R364189
BitDefenderTheta: Gen:NN.ZexaF.34212.XmW@aeet9Uf
ALYac: Gen:Variant.Fragtor.30205
MAX: malware (ai score=86)
VBA32: Trojan.Packed
Malwarebytes: Trojan.Crypt.UPX
TrendMicro-HouseCall: TROJ_GEN.R002C0DJ221
Rising: Trojan.Kryptik!1.D12D (CLOUD)
Yandex: Trojan.Kryptik!Fi126YFhf1U
Ikarus: Trojan.Win32.Injector
Fortinet: W32/Kryptik.EAHK!tr
AVG: Win32:CoinminerX-gen [Trj]
Panda: Trj/Genetic.gen

How to remove Fragtor.30205?

Fragtor.30205 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.