Categories: Malware

About “Fragtor.57144 (B)” infection

The Fragtor.57144 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Fragtor.57144 (B) virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Dynamic (imported) function loading detected
Enumerates the modules from a process (may be used to locate base addresses in process injection)
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Sindhi
Authenticode signature is invalid
CAPE detected the RedLine malware family
Anomalous binary characteristics

How to determine Fragtor.57144 (B)?


File Info:
name: 8513C4CC20A93A3F5AF7.mlwpath: /opt/CAPEv2/storage/binaries/34d6da030b3583acaaa1fbb3f5b94a6c676159418449c74f3d8ac51a301c2fc4crc32: 3176970Dmd5: 8513c4cc20a93a3f5af7c9c33524c495sha1: cacf3edfd2b9273eba05ae3fcbeac9bff2dbddc1sha256: 34d6da030b3583acaaa1fbb3f5b94a6c676159418449c74f3d8ac51a301c2fc4sha512: 9a66f09d83420bd4fc4e6146f8cde07ddd7a024fea9204bcfffb3639d9b3349ca11c079b243214b041c79adaf479b74f580b5f3776022a4841d4f7585920aa88ssdeep: 6144:UF/5+pNLJwuH6rFLVvlzU3D3Nw+bq8CdnlkC7ITsq9wVfGG:UN5+pJJ1H6r3JU3D45dN7YGtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12C94F1C13B50C8B6D0163E71C4B7CAA19B7EF831D9B4A5477B3A565E4E733C4692230Asha3_384: db1037d248d68b152840e23d5d232ae1caec87953a1d97b8c3b509ae1d7ed3a1cfc9f8aee83189bbfd416818a340764fep_bytes: e817400000e978feffffb808104100c3timestamp: 2021-04-05 04:03:59
Version Info:
FileVersion: 21.29.11.69InternationalName: bomgveoci.iweCopyright: Copyrighz (C) 2021, fudkortaProjectVersion: 1.10.74.57Translations: 0x0121 0x03ca

Fragtor.57144 (B) also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Shellcode.3!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Stealer.31726
MicroWorld-eScan	Gen:Variant.Fragtor.57144
FireEye	Generic.mg.8513c4cc20a93a3f
McAfee	Packed-GDT!8513C4CC20A9
Cylance	Unsafe
Sangfor	Exploit.Win32.Shellcode.gen
K7AntiVirus	Trojan ( 0058db601 )
K7GW	Trojan ( 0058db601 )
BitDefenderTheta	Gen:NN.ZexaF.34182.zq1@ae2QpebG
Cyren	W32/Qbot.FK.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HOEX
TrendMicro-HouseCall	TROJ_GEN.R002C0DB122
Paloalto	generic.ml
ClamAV	Win.Malware.Mikey-9917879-0
Kaspersky	HEUR:Exploit.Win32.Shellcode.gen
BitDefender	Gen:Variant.Fragtor.57144
Avast	Win32:CrypterX-gen [Trj]
Tencent	Win32.Trojan.Falsesign.Dxwd
Sophos	Mal/Generic-R + Mal/Agent-AWV
TrendMicro	TROJ_GEN.R002C0DB122
McAfee-GW-Edition	Packed-GDT!8513C4CC20A9
Emsisoft	Gen:Variant.Fragtor.57144 (B)
Ikarus	Trojan.Win32.Crypt
MaxSecure	Trojan.Malware.300983.susgen
Avira	TR/AD.GenSHCode.zzznb
MAX	malware (ai score=83)
Antiy-AVL	Trojan/Generic.ASMalwS.351D75C
Microsoft	Ransom:Win32/StopCrypt.PAT!MTB
ZoneAlarm	HEUR:Exploit.Win32.Shellcode.gen
GData	Gen:Variant.Fragtor.57144
Cynet	Malicious (score: 100)
AhnLab-V3	Packed/Win.GDT.R469871
VBA32	BScope.Exploit.ShellCode
ALYac	Gen:Variant.Fragtor.57144
Malwarebytes	Trojan.MalPack
APEX	Malicious
Rising	Exploit.Shellcode!8.2A (CLOUD)
Yandex	Trojan.Kryptik!TCpc5Dbi/VI
SentinelOne	Static AI – Malicious PE
eGambit	PE.Heur.InvalidSig
Fortinet	W32/Kryptik.HOFC!tr
AVG	Win32:CrypterX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (D)