What is “Trojan.Agent.FRYW”?

Trojan.Agent.FRYW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Agent.FRYW virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Serbian
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family

How to identify Trojan.Agent.FRYW?


File Info:

name: CF0F9086E6B8BC262843.mlw
path: /opt/CAPEv2/storage/binaries/f9a11f55567fcce3273f752fbeb69d270dfa75c13d2aa54fc6d25b657de164ad
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2020-12-25 19:30:25

Version Info:

FileVersion: 21.29.120.69
InternationalName: bomgvioci.iwa
Copyright: Copyrighz (C) 2021, fudkorta
ProjectVersion: 1.10.70.57
Translation: 0x0129 0x07b2

Trojan.Agent.FRYW also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.FRYW
FireEye: Generic.mg.cf0f9086e6b8bc26
CAT-QuickHeal: Ransom.Stopcrypt
ALYac: Trojan.Agent.FRYW
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 003e58dd1 )
K7GW: Trojan ( 0058d45d1 )
Cybereason: malicious.7228e2
BitDefenderTheta: Gen:NN.ZexaF.34182.yq0@a4sLgFaG
Cyren: W32/Convagent.O.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HOAX
Paloalto: generic.ml
ClamAV: Win.Malware.Generic-9936948-0
Kaspersky: HEUR:Trojan-Ransom.Win32.Stop.gen
BitDefender: Trojan.Agent.FRYW
APEX: Malicious
Ad-Aware: Trojan.Agent.FRYW
TACHYON: Ransom/W32.Stop.405504
Emsisoft: Trojan.Crypt (A)
DrWeb: Trojan.PWS.Siggen3.10702
McAfee-GW-Edition: BehavesLike.Win32.RansomWannaCry.fh
Sophos: ML/PE-A + Mal/Agent-AWV
Ikarus: Trojan.Win32.Crypt
Jiangmin: Trojan.Stop.ctl
Microsoft: Ransom:Win32/StopCrypt.PAQ!MTB
GData: Win32.Trojan.BSE.12FNXDY
Cynet: Malicious (score: 100)
AhnLab-V3: Packed/Win.GEE.R466765
McAfee: Packed-GEE!CF0F9086E6B8
MAX: malware (ai score=82)
VBA32: BScope.Trojan.Convagent
Malwarebytes: Trojan.MalPack.GS
Avast: Win32:AceCrypter-B [Cryp]
Rising: Ransom.Stop!8.10810 (RDMK:cmRtazpO7zXAFb32JaRkrX/gWvzD)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Kryptik.HOCG!tr
AVG: Win32:AceCrypter-B [Cryp]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Agent.FRYW?

Trojan.Agent.FRYW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
