Should I remove “NetTool.Win64.FRP”?

NetTool.Win64.FRP is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the NetTool.Win64.FRP virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify NetTool.Win64.FRP?

File Info:

name: CDBB5C7FBF24CFA43584.mlw
path: /opt/CAPEv2/storage/binaries/3320415e4d0c0c926a49fa34abaab6d2c6d4d93b8c4166295ddec546fef3e378
type: PE32+ executable (console) x86-64, for MS Windows
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

NetTool.Win64.FRP also known as:

Lionic: Riskware.Win64.FRP.1!c
Kaspersky: not-a-virus:HEUR:NetTool.Win64.FRP.gen
McAfee-GW-Edition: BehavesLike.Win64.Trickbot.wc
Sophos: Generic PUA IB (PUA)
Antiy-AVL: GrayWare/Win32.Kryptik.BQX
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
APEX: Malicious

How to remove NetTool.Win64.FRP?

NetTool.Win64.FRP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
