What is “Fragtor.47600”?

The Fragtor.47600 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Fragtor.47600 virus can do?

• SetUnhandledExceptionFilter detected (possible anti-debug)
• Behavioural detection: Executable code extraction – unpacking
• Yara rule detections observed from a process memory dump/dropped files/CAPE
• Creates RWX memory
• Dynamic (imported) function loading detected
• Performs HTTP requests potentially not found in PCAP.
• HTTPS urls from behavior.
• A process created a hidden window
• CAPE extracted potentially suspicious content
• Unconventionial language used in binary resources: Nepali
• The binary likely contains encrypted or compressed data.
• Authenticode signature is invalid
• Behavioural detection: Injection (Process Hollowing)
• Executed a process and injected code into it, probably while unpacking
• Behavioural detection: Injection (inter-process)
• Behavioural detection: Transacted Hollowing
• Created a process from a suspicious location
• Collects and encrypts information about the computer likely to send to C2 server
• Installs itself for autorun at Windows startup
• STOP ransomware registry artifacts detected
• CAPE detected the STOP malware family
• Attempts to modify proxy settings
• Creates a copy of itself
• STOP ransomware command line behavior detected
• Uses suspicious command line tools or Windows utilities

How to determine Fragtor.47600?

File Info:
name: A1F4FC2F1C675337637B.mlw
path: /opt/CAPEv2/storage/binaries/a761c19812b28982ee51f8099715356acd1605474acf77c864934730eb69a9f9
crc32: 8AB222D6
md5: a1f4fc2f1c675337637b703defe9c359
sha1: 7a209c94eeae8a6e9c80810df9b44fdec86401bb
sha256: a761c19812b28982ee51f8099715356acd1605474acf77c864934730eb69a9f9
sha512: fba20d44b757afb49319ecab2346b04d039ded6e620b76b05abf75cc137be5270b7d398bd03d227cc3d7f575c295405c594c9f0ba044d923198c8d872f2873cf
ssdeep: 12288:ynO+R7aYQ9UTHnNZjL/70M3fLvmMG7NvQMcFxE9pb4lX0G1WNq9y6OO:yO+R7j+Upho4jvWeUVGWd6N
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10F05011172C0C132C05B20768521C7B19F7BB8B66B666ACFBFC81B796F246D0973935A
sha3_384: 7cbc45816f85f4ac27f3e7dd054ae486d8f1897c23dc47ef002fa5255cb1e4ba848831bdec77452560ee3a5b8bdef2d3
ep_bytes: e8db830000e978feffff8bff558bec83
timestamp: 2021-05-09 02:35:56

Version Info:
FileVers: 7.0.4.24
ProductVersa: 7.0.25.71
InternalName: reaLatimas
LegalCopyrighd: Jdfglsdffa
Translations: 0x0169 0x0301

Fragtor.47600 also known as:

How to remove Fragtor.47600?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.