Fragtor.38357 (B) removal tips

Fragtor.38357 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Fragtor.38357 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Ukrainian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Creates a copy of itself

How to identify Fragtor.38357 (B)?

File Info:

name: 4443DDD5E80AD1DC6B9A.mlw
path: /opt/CAPEv2/storage/binaries/782f6c962dcfb93d8b25098d0341eaa76924791ed1eb770f8e62df2894b130af
crc32: ACEB7338
md5: 4443ddd5e80ad1dc6b9a3b65d91c7c27
sha1: 0218016fcef0bdf4d1fbf2cfd30560837ab6d6c1
sha256: 782f6c962dcfb93d8b25098d0341eaa76924791ed1eb770f8e62df2894b130af
sha512: 15a490f89673d66e74d197d35cc9734cbfe198228aeb0f5e7aaccf2ed1ec247a3d27173f83538afb412591e625505426ef2a476239737f0e1bf372702eebb476
ssdeep: 12288:pwaN0stsD4Qt2seFtlPGDnJ+f4nq55a/iIVgPBlXh9ifzN/5:pwaSusD4Qt2zFtlPGDJa4nq5qfzN/5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T107352903A90873DDEAB26136CC787EED52C8AD525F26F4C352847DC9093A3C15AFB259
sha3_384: c554d7d7a00ae5801e883ed7a981a1dbb091611c2568a9bdd4f5faddd1e3585425605422a4c8517e3f937e362bb9319f
ep_bytes: 558bec6aff68a8cb4600682ca7460064
timestamp: 2021-11-05 15:10:57

Version Info:

CompanyName: Ariolic Software, Ltd. (www.ariolic.com)
FileDescription: ActiveSMART (R) - Hard drive health and files audit utility
FileVersion: 2.10.2.167
InternalName: asmartCore
LegalCopyright: Copyright (C) 2018 Ariolic Software, Ltd
OriginalFilename: ASmartCore.exe
ProductName: ActiveSMART
ProductVersion: 2.10.2.167
Comments: ab28886af3b6f732ef902aaf66703c121f6899eb
Translation: 0x0409 0x04b0

Fragtor.38357 (B) also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Staser.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.4443ddd5e80ad1dc
ALYac: Gen:Variant.Fragtor.38357
Cylance: Unsafe
K7AntiVirus: Trojan ( 0058214e1 )
Alibaba: Trojan:Win32/Staser.17361ab1
K7GW: Trojan ( 0058214e1 )
CrowdStrike: win/malicious_confidence_60% (D)
Cyren: W32/Kryptik.FRS.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HBAI
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Staser.gen
BitDefender: Gen:Variant.Fragtor.38357
MicroWorld-eScan: Gen:Variant.Fragtor.38357
Avast: Win32:CrypterX-gen [Trj]
Tencent: Win32.Trojan.Staser.Pavj
Ad-Aware: Gen:Variant.Fragtor.38357
Sophos: Mal/Generic-S
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
Emsisoft: Gen:Variant.Fragtor.38357 (B)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.1IAKRUN
Avira: HEUR/AGEN.1145346
Gridinsoft: Ransom.Win32.Wacatac.sa
Arcabit: Trojan.Fragtor.D95D5
Microsoft: Trojan:Win32/Tiggre!rfn
AhnLab-V3: Trojan/Win.Generic.R448616
McAfee: GenericRXQT-OR!4443DDD5E80A
MAX: malware (ai score=85)
VBA32: Trojan.Staser
Malwarebytes: Adware.DownloadAssistant
TrendMicro-HouseCall: TROJ_GEN.R002C0PKN21
Rising: Trojan.Kryptik!1.AA55 (CLASSIC)
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HATU!tr
BitDefenderTheta: Gen:NN.ZexaF.34294.gz0@aOXd9!gQ
AVG: Win32:CrypterX-gen [Trj]
Cybereason: malicious.fcef0b
Panda: Trj/GdSda.A

How to remove Fragtor.38357 (B)?

Fragtor.38357 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
