What is “Fragtor.54808”?

Fragtor.54808 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Fragtor.54808 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Hungarian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Enumerates services, possibly for anti-virtualization
  • Installs itself for autorun at Windows startup
  • CAPE detected the Tofsee malware family
  • Created a service that was not started
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Fragtor.54808?

File Info:

name: 5497234D0DC913B19268.mlw
path: /opt/CAPEv2/storage/binaries/88e2ce3b9e5405ccd3a974dd621296a882af9f150d37821d8d9de9cc4ec4ca4d
crc32: 95507EBD
md5: 5497234d0dc913b19268c6e3538ffbd9
sha1: e8614cbf6279ed1eadd58d06156a1887c210b3d1
sha256: 88e2ce3b9e5405ccd3a974dd621296a882af9f150d37821d8d9de9cc4ec4ca4d
sha512: 06cc3ad9354b5bfd97fba5308b1f196bbcb98f00cc4b1f8bd9575422679bc76e6489abc86fc9a54c9ec57ab86339d679d4449dc8c690a91a33bb0ee097553be5
ssdeep: 24576:wrxyf/XVkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkn:exyfv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A6B64AC077E294B9E2E27A7089755F90963BBC12EB3056DB3237370E1B756D09931B22
sha3_384: 07849e65e16a3befde77957e101ec6b70e492eea83a4d0787b9a763ce4cf7660d9d68201c20150183f41d4ac6f7516e0
ep_bytes: e885310000e979feffff8bff558bec8b
timestamp: 2021-05-02 06:11:08

Version Info:

InternationalName: bomgvioci.iwa
Copyright: Copyrighz (C) 2021, fudkort
ProjectVersion: 3.14.72.77
Translation: 0x0129 0x07bc

Fragtor.54808 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen16.20244
MicroWorld-eScan: Gen:Variant.Zusy.413585
FireEye: Generic.mg.5497234d0dc913b1
CAT-QuickHeal: Trojan.RaccryptPMF.S25811312
ALYac: Gen:Variant.Fragtor.54808
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058c5671 )
BitDefender: Gen:Variant.Fragtor.54808
K7GW: Trojan ( 0058c5671 )
BitDefenderTheta: Gen:NN.ZexaF.34182.@xW@aum8TrjK
Cyren: W32/Kryptik.FWV.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNVD
TrendMicro-HouseCall: Mal_Tofsee
ClamAV: Win.Dropper.Lockbit-9917808-0
Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.gen
Rising: Spyware.Stealer!8.3090 (CLOUD)
Ad-Aware: Gen:Variant.Fragtor.54808
Sophos: ML/PE-A + Mal/Agent-AWV
Zillya: Trojan.Kryptik.Win32.3667454
TrendMicro: Mal_Tofsee
McAfee-GW-Edition: BehavesLike.Win32.Generic.vh
Emsisoft: Gen:Variant.Fragtor.54808 (B)
Ikarus: Trojan.Win32.Crypt
GData: Win32.Trojan.BSE.1YP9VDC
Jiangmin: TrojanSpy.Stealer.mke
eGambit: Unsafe.AI_Score_94%
Antiy-AVL: Trojan/Generic.ASMalwS.35047A5
Arcabit: Trojan.Fragtor.DD618
ZoneAlarm: HEUR:Trojan-Spy.Win32.Stealer.gen
Microsoft: Ransom:Win32/StopCrypt.MZD!MTB
AhnLab-V3: Infostealer/Win.Raccoon.R461263
Acronis: suspicious
McAfee: Lockbit-FSWW!5497234D0DC9
MAX: malware (ai score=86)
VBA32: BScope.Trojan.Convagent
Malwarebytes: Trojan.MalPack.GS
Panda: Trj/GdSda.A
APEX: Malicious
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Kryptik.HOCG!tr
AVG: Win32:CrypterX-gen [Trj]
Cybereason: malicious.f6279e
Avast: Win32:CrypterX-gen [Trj]

How to remove Fragtor.54808?

Fragtor.54808 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.