
About “Trojan.Agent.FRYX” infection


Trojan.Agent.FRYX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Agent.FRYX virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with a /C or /R argument so that the command shell terminates on completion, which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Serbian
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Enumerates services, possibly for anti-virtualization
  • Installs itself for autorun at Windows startup
  • CAPE detected the Tofsee malware family
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.Agent.FRYX?

File Info:

name: 4BCDB0B718071C8A84B0.mlw
path: /opt/CAPEv2/storage/binaries/21998eb2b1bd859236286cd5c9d87228812306cadc350e43dddc64b5be8485e7
crc32: 3C21CDAA
md5: 4bcdb0b718071c8a84b0ccdd61b5ab46
sha1: 8bee65bc9278696e9c1579c429b072fc929a3074
sha256: 21998eb2b1bd859236286cd5c9d87228812306cadc350e43dddc64b5be8485e7
sha512: 8bb5e9c5cb1821338691dc39c3c2091d3143d69adb2fbeb9e6176551c8503da6129e5f88bc79d3e144bf3e62b05de5c1ab0167a5073e914ec28d9ba5e708b4f7
ssdeep: 24576:06bzz1unJDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDn:06P4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16AB64AB1A684D9D1E4952B3088279FE419FDFC849C814342B1AC3F8BBDB7241359E66F
sha3_384: c35bb8c4bd1aa8537bb6b889193de3900f6271da1d68ea52201b55e5ad24c66fbb54e9b726f14845734389f01e072a70
ep_bytes: e82c500000e979feffffb820f04200c3
timestamp: 2020-11-26 01:48:34

Version Info:

FileVersion: 21.29.120.69
InternationalName: bomgvioci.iwa
Copyright: Copyrighz (C) 2021, fudkorta
ProjectVersion: 1.10.70.57
Translation: 0x0129 0x07b2

Trojan.Agent.FRYX is also known as (vendor: detection name):

Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen16.37122
MicroWorld-eScan: Trojan.Agent.FRYX
FireEye: Generic.mg.4bcdb0b718071c8a
McAfee: Packed-GEE!4BCDB0B71807
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058d45d1 )
K7GW: Trojan ( 0058d45d1 )
BitDefenderTheta: Gen:NN.ZexaF.34182.@t0@aeuBrKoG
Cyren: W32/Qbot.FK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HOAX
TrendMicro-HouseCall: Mal_Tofsee
Avast: Win32:AceCrypter-B [Cryp]
ClamAV: Win.Malware.Generic-9936948-0
Kaspersky: HEUR:Trojan-Ransom.Win32.Stop.gen
BitDefender: Trojan.Agent.FRYX
Ad-Aware: Trojan.Agent.FRYX
Sophos: ML/PE-A + Mal/Agent-AWV
TrendMicro: Mal_Tofsee
McAfee-GW-Edition: BehavesLike.Win32.RansomWannaCry.vh
Emsisoft: Trojan.Crypt (A)
Jiangmin: Trojan.Stop.ctw
Antiy-AVL: Trojan[Ransom]/Win32.STOP
Microsoft: Ransom:Win32/StopCrypt.PAQ!MTB
GData: Win32.Trojan.BSE.12FNXDY
Cynet: Malicious (score: 100)
AhnLab-V3: Packed/Win.GEE.R466646
Acronis: suspicious
VBA32: BScope.Trojan.Convagent
ALYac: Trojan.Agent.FRYX
MAX: malware (ai score=80)
Malwarebytes: Trojan.MalPack.GS
APEX: Malicious
Rising: Ransom.Stop!8.10810 (TFE:dGZlOgWXwTzSdGcV5A)
Yandex: Trojan.Kryptik!0V0DTcSKa1Y
SentinelOne: Static AI - Suspicious PE
Fortinet: W32/Kryptik.HOCG!tr
AVG: Win32:AceCrypter-B [Cryp]
Panda: Trj/GdSda.A

How to remove Trojan.Agent.FRYX?

Trojan.Agent.FRYX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
