Should I remove “Fragtor.56246”?

Fragtor.56246 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Fragtor.56246 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Macedonian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • CAPE detected the OnlyLogger malware family
  • Detects Bochs through the presence of a registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Attempted to write directly to a physical drive
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Fragtor.56246?


File Info:

name: AEABE7FB138283BB648A.mlw
path: /opt/CAPEv2/storage/binaries/3c819a7e375a6ecf91b376374b691f41b6e738c5e470e50d2d9873cc80f5d395
crc32: 4767E6F8
md5: aeabe7fb138283bb648aef7fa52f359b
sha1: 9ca90e4d37377a42f29ee9938c28cea365abb248
sha256: 3c819a7e375a6ecf91b376374b691f41b6e738c5e470e50d2d9873cc80f5d395
sha512: 1fdcd14c5bd8d902dcd8a407f9f993bb584364dd659f4df60445112e70d7d314295e8fcfe48601b984d59c1fe866ef059e4cead9551e0bdf8ae5e998e869b248
ssdeep: 6144:NN6VaD9ioRU+4KaBh0Njs33AMsfKWbKg5e8IcQy+S7pMSog8:z6cDof+4KkIY5mBp9Ho
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14C74E010B1C5C032E6A7503A4471CAB14E7F78B92936AA8FBFD426B94F757D1DA3130A
sha3_384: 9f0b2f6973eb640f82c4bdc49fe5bd55eea3dae73254501cae5ad6303e1243f9ba55d741fed5884e7aea6fadccdc51b0
ep_bytes: e813450000e978feffff8bff558bec81
timestamp: 2021-05-02 07:13:12

Version Info:

FileVers: 65.51.36.16
ProductVersa: 7.50.25.71
InternalName: peatemas
LegalCopyrighd: sharmir
Translation: 0x0169 0x0300

Fragtor.56246 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Convagent.l!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen16.38128
MicroWorld-eScan: Gen:Variant.Fragtor.56246
FireEye: Generic.mg.aeabe7fb138283bb
ALYac: Gen:Variant.Fragtor.56246
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058d8fd1 )
K7GW: Trojan ( 0058d8fd1 )
Cybereason: malicious.d37377
BitDefenderTheta: Gen:NN.ZexaF.34182.vu1@aGFdsofG
Cyren: W32/Kryptik.GDH.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HODR
TrendMicro-HouseCall: TROJ_GEN.R002C0DB322
Avast: Win32:TrojanX-gen [Trj]
ClamAV: Win.Malware.Generic-9937750-0
Kaspersky: VHO:Trojan-Spy.Win32.Convagent.gen
BitDefender: Gen:Variant.Fragtor.56246
Rising: Spyware.Convagent!8.12330 (CLOUD)
Emsisoft: Gen:Variant.Fragtor.56246 (B)
Zillya: Trojan.Kryptik.Win32.3682669
TrendMicro: TROJ_GEN.R002C0DB322
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Sophos: Mal/Generic-S
Paloalto: generic.ml
Avira: TR/Crypt.Agent.dfhwo
Antiy-AVL: Trojan/Win32.Kryptik
Gridinsoft: Ransom.Win32.STOP.sa
Microsoft: Trojan:Win32/Raccrypt.GE!MTB
ZoneAlarm: VHO:Trojan-Spy.Win32.Convagent.gen
GData: Win32.Trojan-Spy.BeamLoader.DQCBCC
Cynet: Malicious (score: 100)
AhnLab-V3: Ransomware/Win.Stop.R468727
McAfee: Packed-GBE!AEABE7FB1382
MAX: malware (ai score=85)
VBA32: Malware-Cryptor.2LA.gen
Malwarebytes: Trojan.MalPack.GS
APEX: Malicious
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.HODR!tr
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Fragtor.56246?

Fragtor.56246 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
