Fragtor.495328 malicious file

Malware Removal

Fragtor.495328 is a generic detection name (the Gen:Variant.Fragtor family used by several BitDefender-engine scanners in the vendor list below) that many security vendors flag as malicious. While the sample is running you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it allows a complete scan and cleanup of the PC during the trial period.
A 6-day free trial is available.

What can Fragtor.495328 do?

The following static and behavioural signatures were reported by the CAPE sandbox for this sample:

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the shellcode get eip malware family
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files
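Two of the signatures above, the CreateRemoteThread injection and the proxy-setting changes, map directly onto Sysmon Event ID 8 (CreateRemoteThread) and Event ID 13 (registry value set). The script below is an added example, not part of the original page or the CAPE report: it triages a handful of constructed Sysmon events (only the field names are Sysmon's; every path, address and value is invented) and flags the ones that look like injection into a foreign process or a change to the WinINet proxy values.

```python
"""Added example (not from the original page or the CAPE report): triage
constructed Sysmon events for cross-process thread creation (Event ID 8) and
proxy-setting changes (Event ID 13). Field names follow Sysmon; all values
below are made up for illustration."""
import re

# Constructed sample events. Only the field names are Sysmon's; the values are invented.
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\alice\Downloads\sample.exe",
     "TargetImage": r"C:\Windows\explorer.exe",
     "StartAddress": "0x026A0000", "StartModule": "", "StartFunction": ""},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\conhost.exe",
     "StartAddress": "0x77A80000", "StartModule": r"C:\Windows\System32\ntdll.dll",
     "StartFunction": "LdrInitializeThunk"},
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer",
     "Details": "127.0.0.1:8080"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1}\DhcpIPAddress",
     "Details": "10.0.0.5"},
]

# Processes that injected code commonly targets to hide network activity.
INJECTION_HOSTS = {"explorer.exe", "svchost.exe", "iexplore.exe",
                   "chrome.exe", "firefox.exe", "msedge.exe"}

# WinINet proxy values under HKCU/HKU ...\Internet Settings.
PROXY_VALUES = re.compile(
    r"\\Internet Settings\\(ProxyServer|ProxyEnable|AutoConfigURL|ProxyOverride)$", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage_remote_thread(ev: dict) -> list:
    """Reasons an Event ID 8 record looks like injection; empty list means benign."""
    reasons = []
    if not ev.get("StartModule"):
        # Sysmon leaves StartModule empty when the start address is not inside a loaded module.
        reasons.append("thread start address is not backed by a loaded module")
    if not ev["SourceImage"].lower().startswith("c:\\windows\\"):
        reasons.append("source process runs from outside C:\\Windows")
    if basename(ev["TargetImage"]) in INJECTION_HOSTS:
        reasons.append("target is a common injection host")
    return reasons


def triage_registry_set(ev: dict) -> list:
    """Reasons an Event ID 13 record matters; only proxy values are of interest here."""
    m = PROXY_VALUES.search(ev["TargetObject"])
    if not m:
        return []
    return [f"proxy setting {m.group(1)} changed to {ev['Details']!r}"]


def triage(events: list) -> list:
    """Return findings as {'image': ..., 'reasons': [...]} for events worth a look."""
    findings = []
    for ev in events:
        if ev["EventID"] == 8:
            reasons = triage_remote_thread(ev)
            image = ev["SourceImage"]
        elif ev["EventID"] == 13:
            reasons = triage_registry_set(ev)
            image = ev["Image"]
        else:
            continue
        if reasons:
            findings.append({"image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["image"])
        for r in f["reasons"]:
            print("   -", r)
```

The csrss.exe to conhost.exe event is kept in the fixture on purpose: it is a legitimate cross-process thread, its start address is backed by ntdll.dll, and the heuristics return no reason for it. Tune `INJECTION_HOSTS` and the "outside C:\Windows" rule to your estate before using this on real logs.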

How to identify Fragtor.495328?

File Info:

name: 2E1814A689CC76961D79.mlw
path: /opt/CAPEv2/storage/binaries/ef0daf6af8e8acb7d6407653b2c3e44cc4003f2b2c47e5bc5edce4cf4788582a
crc32: 35BAF397
md5: 2e1814a689cc76961d798b55e201114a
sha1: 0f5e00140a210026909900ed5c352b6c3e3e6ffb
sha256: ef0daf6af8e8acb7d6407653b2c3e44cc4003f2b2c47e5bc5edce4cf4788582a
sha512: 95906306a4f5abbdb52062f94fa672be2775a52e07081c5885223b5dba27ecc60cfb373b487da19eb1a62de10645966150e4f70d3de6d2060cb48e6634a73909
ssdeep: 24576:k5PSHzguiPr/aoKxuzEygay5wSFv6AoUWI:LT3iOHxu4DWC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15A25CF2237D2D032D2B315328E54D2B696F7BC305B347A8BA6D41B2E5F74AC28E25747
sha3_384: b813fe630736b963443e06be6a4d8557561bd5a6ff89c1b3ef5e886cc1511bcdcff34704ba7c3f51c9deb621caff266c
ep_bytes: e8c5c80000e979feffff8bff558bec5d
timestamp: 2017-02-21 11:38:41

Version Info:

CompanyName: 360.cn
FileDescription: 360反馈建议 (360 Feedback)
FileVersion: 2, 3, 1, 1098
InternalName: 360FeedBac.exe
LegalCopyright: (C) 360.cn Inc. All Rights Reserved.
OriginalFilename: 360FeedBack.exe
ProductName: 360反馈建议 (360 Feedback)
ProductVersion: 2, 3, 1, 1098
Translation: 0x0804 0x04b0 (Chinese Simplified, Unicode)

These strings come from the binary's version resource and can be copied from any legitimate program, so the 360.cn branding is not evidence that this is a genuine 360 product: the Authenticode signature on the sample is invalid, and the InternalName (360FeedBac.exe) does not even match the OriginalFilename (360FeedBack.exe).
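To check a file on disk against the indicators above, the standard library is enough for the CRC32, MD5, SHA-1, SHA-256 and SHA-512 values and for reading the bytes at the PE entry point (ep_bytes). The script below is an added example, not code from the original page or from GridinSoft; ssdeep and tlsh are left out because they need third-party libraries. The `build_minimal_pe` fixture is a constructed one-section PE32 used only so the example runs offline; it is not the sample from the report.

```python
"""Added example (not the page's or GridinSoft's code): fingerprint a file and
compare it with the indicators published in the File Info block."""
import hashlib
import struct
import sys
import zlib

# Indicators copied from the File Info block (lowercased for comparison).
IOCS = {
    "md5": "2e1814a689cc76961d798b55e201114a",
    "sha1": "0f5e00140a210026909900ed5c352b6c3e3e6ffb",
    "sha256": "ef0daf6af8e8acb7d6407653b2c3e44cc4003f2b2c47e5bc5edce4cf4788582a",
    "crc32": "35baf397",
    "ep_bytes": "e8c5c80000e979feffff8bff558bec5d",
}


def hash_bytes(data: bytes) -> dict:
    """Digests in the same formats the report uses."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
    }


def entry_point_bytes(data: bytes, count: int = 16):
    """First `count` bytes at the PE entry point as hex, or None if not a parsable PE."""
    try:
        if len(data) < 0x40 or data[:2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        coff = e_lfanew + 4
        num_sections = struct.unpack_from("<H", data, coff + 2)[0]
        opt_size = struct.unpack_from("<H", data, coff + 16)[0]
        opt = coff + 20
        ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
        sections = opt + opt_size
        for i in range(num_sections):
            hdr = sections + i * 40
            vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
            if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
                off = rawptr + (ep_rva - vaddr)  # RVA -> file offset within this section
                return data[off:off + count].hex()
    except struct.error:
        pass
    return None


def fingerprint(data: bytes) -> dict:
    fp = hash_bytes(data)
    fp["ep_bytes"] = entry_point_bytes(data)
    return fp


def match_against(observed: dict, iocs: dict = IOCS) -> set:
    """Names of the indicators whose observed value equals the published one."""
    return {k for k, v in iocs.items()
            if observed.get(k) and observed[k].lower() == v.lower()}


def build_minimal_pe(ep_code: bytes) -> bytes:
    """Constructed fixture: a one-section PE32 whose entry point starts with ep_code.
    It only exercises the parser offline and is not the sample from the report."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)   # i386, 1 section, 224-byte opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                           # AddressOfEntryPoint
    sect = b".text\0\0\0" + struct.pack("<IIII", len(ep_code), 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return headers + ep_code.ljust(0x200, b"\0")


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_minimal_pe(bytes.fromhex(IOCS["ep_bytes"]))
    fp = fingerprint(data)
    hits = match_against(fp)
    for k, v in fp.items():
        print(f"{k:8} {v}  {'MATCH' if k in hits else ''}")
```

Run it with a file path to fingerprint a real binary; without arguments it runs on the constructed fixture, where only `ep_bytes` matches. A hash match identifies exactly this sample; an `ep_bytes` match alone is weak evidence, since the same compiler start-up stub appears in many unrelated executables.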

Fragtor.495328 is also known as (vendor: detection name):

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.RopProof.4!c
  • Elastic: malicious (moderate confidence)
  • ClamAV: Win.Virus.Sality-6829899-0
  • CAT-QuickHeal: Trojan.Fragtor
  • Skyhigh: BehavesLike.Win32.BadFile.th
  • McAfee: Artemis!2E1814A689CC
  • VIPRE: Gen:Variant.Fragtor.495328
  • Sangfor: Trojan.Win32.Packed.V3lz
  • K7AntiVirus: Trojan ( 005a81c81 )
  • Alibaba: Packed:Win32/RopProof.b3473206
  • K7GW: Trojan ( 005a81c81 )
  • Cybereason: malicious.40a210
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Packed.RopProof.B suspicious
  • BitDefender: Gen:Variant.Fragtor.495328
  • MicroWorld-eScan: Gen:Variant.Fragtor.495328
  • Avast: Win32:Evo-gen [Trj]
  • Emsisoft: Gen:Variant.Fragtor.495328 (B)
  • FireEye: Gen:Variant.Fragtor.495328
  • Sophos: Mal/Generic-S
  • GData: Gen:Variant.Fragtor.495328
  • Google: Detected
  • Antiy-AVL: Virus/Win32.Expiro.ropf
  • Arcabit: Trojan.Fragtor.D78EE0
  • Microsoft: Program:Win32/Wacapew.C!ml
  • Varist: W32/RopProof.H.gen!Eldorado
  • AhnLab-V3: Trojan/Win.Evo-gen.C5583282
  • ALYac: Gen:Variant.Fragtor.495328
  • MAX: malware (ai score=86)
  • VBA32: suspected of Trojan.Downloader.gen
  • Cylance: unsafe
  • TrendMicro-HouseCall: TROJ_GEN.R002H09B724
  • SentinelOne: Static AI – Suspicious PE
  • MaxSecure: Trojan.Malware.231186345.susgen
  • Fortinet: W32/Wacatac.B!tr
  • AVG: Win32:Evo-gen [Trj]
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/malicious_confidence_60% (W)

How to remove Fragtor.495328?

Fragtor.495328 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the affected browser and the desired options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.