About “Fragtor.57144 (B)” infection

Malware Removal

Fragtor.57144 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, you are advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Fragtor.57144 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Sindhi
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Anomalous binary characteristics

How to identify Fragtor.57144 (B)?

File Info:

name: 8513C4CC20A93A3F5AF7.mlw
path: /opt/CAPEv2/storage/binaries/34d6da030b3583acaaa1fbb3f5b94a6c676159418449c74f3d8ac51a301c2fc4
crc32: 3176970D
md5: 8513c4cc20a93a3f5af7c9c33524c495
sha1: cacf3edfd2b9273eba05ae3fcbeac9bff2dbddc1
sha256: 34d6da030b3583acaaa1fbb3f5b94a6c676159418449c74f3d8ac51a301c2fc4
sha512: 9a66f09d83420bd4fc4e6146f8cde07ddd7a024fea9204bcfffb3639d9b3349ca11c079b243214b041c79adaf479b74f580b5f3776022a4841d4f7585920aa88
ssdeep: 6144:UF/5+pNLJwuH6rFLVvlzU3D3Nw+bq8CdnlkC7ITsq9wVfGG:UN5+pJJ1H6r3JU3D45dN7YG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12C94F1C13B50C8B6D0163E71C4B7CAA19B7EF831D9B4A5477B3A565E4E733C4692230A
sha3_384: db1037d248d68b152840e23d5d232ae1caec87953a1d97b8c3b509ae1d7ed3a1cfc9f8aee83189bbfd416818a340764f
ep_bytes: e817400000e978feffffb808104100c3
timestamp: 2021-04-05 04:03:59

Version Info:

FileVersion: 21.29.11.69
InternationalName: bomgveoci.iwe
Copyright: Copyrighz (C) 2021, fudkorta
ProjectVersion: 1.10.74.57
Translations: 0x0121 0x03ca

Fragtor.57144 (B) also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Shellcode.3!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.31726
MicroWorld-eScan: Gen:Variant.Fragtor.57144
FireEye: Generic.mg.8513c4cc20a93a3f
McAfee: Packed-GDT!8513C4CC20A9
Cylance: Unsafe
Sangfor: Exploit.Win32.Shellcode.gen
K7AntiVirus: Trojan ( 0058db601 )
K7GW: Trojan ( 0058db601 )
BitDefenderTheta: Gen:NN.ZexaF.34182.zq1@ae2QpebG
Cyren: W32/Qbot.FK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HOEX
TrendMicro-HouseCall: TROJ_GEN.R002C0DB122
Paloalto: generic.ml
ClamAV: Win.Malware.Mikey-9917879-0
Kaspersky: HEUR:Exploit.Win32.Shellcode.gen
BitDefender: Gen:Variant.Fragtor.57144
Avast: Win32:CrypterX-gen [Trj]
Tencent: Win32.Trojan.Falsesign.Dxwd
Sophos: Mal/Generic-R + Mal/Agent-AWV
TrendMicro: TROJ_GEN.R002C0DB122
McAfee-GW-Edition: Packed-GDT!8513C4CC20A9
Emsisoft: Gen:Variant.Fragtor.57144 (B)
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Avira: TR/AD.GenSHCode.zzznb
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMalwS.351D75C
Microsoft: Ransom:Win32/StopCrypt.PAT!MTB
ZoneAlarm: HEUR:Exploit.Win32.Shellcode.gen
GData: Gen:Variant.Fragtor.57144
Cynet: Malicious (score: 100)
AhnLab-V3: Packed/Win.GDT.R469871
VBA32: BScope.Exploit.ShellCode
ALYac: Gen:Variant.Fragtor.57144
Malwarebytes: Trojan.MalPack
APEX: Malicious
Rising: Exploit.Shellcode!8.2A (CLOUD)
Yandex: Trojan.Kryptik!TCpc5Dbi/VI
SentinelOne: Static AI – Malicious PE
eGambit: PE.Heur.InvalidSig
Fortinet: W32/Kryptik.HOFC!tr
AVG: Win32:CrypterX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Fragtor.57144 (B)?

Fragtor.57144 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.