Fragtor.80960 (file analysis)

The Fragtor.80960 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Fragtor.80960 virus can do?

Sample contains Overlay data
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Fragtor.80960?


File Info:
name: A2FDF3CD5BD831990349.mlw
path: /opt/CAPEv2/storage/binaries/b3dfb3d6a177002d849252a18a69b53d71041367e261ba9d4aaa609ed4773800
crc32: DAD732C9
md5: a2fdf3cd5bd8319903498dce9cbc6095
sha1: 19b7c68fa951c582ef184538aa35b8829b59a644
sha256: b3dfb3d6a177002d849252a18a69b53d71041367e261ba9d4aaa609ed4773800
sha512: 92c48b830c748ac3c3bf01918108b342219689ba53918a9998bb9c9655eff1e93294299a88de65e99d8a29eaa4574d864f7e0b5ef2dd7fc0043f4dc8a85712cd
ssdeep: 24576:fSrWBUdyOSMKivCHmo6B8Cm+usWpq/mBqm68WIVjYU7AiJXf4MnieWzjlvuwZm/C:KimKFGi9Coqm6+1YUsiBf4S2txZm/IN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16055CF246D29D49AFA88CEB3F54057F83C1983A04E1049D77EA91E043EB6BF6146737B
sha3_384: 1c7e2d5714adab34277558af7db3a3da9c28f7a15105dc51f20f9908da502fa0a29148bd5f73820c657870571b6e3cc1
ep_bytes: e856020000e97afeffff558becff7508
timestamp: 2023-02-23 07:41:34

Version Info:
0: [No Data]

Fragtor.80960 also known as:

Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/TrojanDownloader.Agent.GOJ
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Fragtor.80960
MicroWorld-eScan	Gen:Variant.Fragtor.80960
Avast	Win32:DropperX-gen [Drp]
Emsisoft	Gen:Variant.Fragtor.80960 (B)
VIPRE	Gen:Variant.Fragtor.80960
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.a2fdf3cd5bd83199
Sophos	Generic ML PUA (PUA)
Avira	HEUR/AGEN.1228718
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Arcabit	Trojan.Fragtor.D13C40
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Variant.Fragtor.80960
AhnLab-V3	Trojan/Win.Generic.R526433
Acronis	suspicious
ALYac	Gen:Variant.Fragtor.80960
MAX	malware (ai score=87)
VBA32	BScope.TrojanSpy.Stealer
Rising	Trojan.Generic@AI.100 (RDML:mh47m8gEwlLcMeZcO7rt7A)
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.HPLW!tr
BitDefenderTheta	Gen:NN.ZexaF.36308.unX@aKsrrqc
AVG	Win32:DropperX-gen [Drp]
Cybereason	malicious.fa951c

How to remove Fragtor.80960?

Fragtor.80960 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X