Trojan.Win32.Fsysna.hrfj (file analysis)

The Trojan.Win32.Fsysna.hrfj is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Fsysna.hrfj virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Guard page use detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • Unconventional language used in binary resources: Korean
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Attempts to disable UAC
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Trojan.Win32.Fsysna.hrfj?

File Info:

name: 0A4002BDD22DEFCC2D32.mlw
path: /opt/CAPEv2/storage/binaries/37cbee54b19eb2aec5d1622723ba94f50504c8418b815d470427513463af415d
crc32: F737D330
md5: 0a4002bdd22defcc2d32a996b3d249c3
sha1: 6a8f82081d9ea94c4e30abf7ac3f60ed127dbe19
sha256: 37cbee54b19eb2aec5d1622723ba94f50504c8418b815d470427513463af415d
sha512: bd865b015d82e5ade17463b40eae4481ba60589a41f986428b612ba196f4c146edee12e0021819b0ad9917c877c6f98934f7ecdc82a108beb30d31965fa724de
ssdeep: 24576:8RaZROMOm8FN7TjsPnzt2heeRhQbJEOeamH0jsFoWz/M4vrDOp3TetIhOj8zo6aY:qkxOm+7TjsPnztyDMmaJiZz0BIIhme2
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T15E75BF9963A441DAFEA6E237CA52C507C3B1BC8A4277872F01E43A752F737711A1E721
sha3_384: 3099dead795f7225f545d377cebbcfbc6ae3b58b17d9edcadc98d64e36ac544148946917b24770f202154588dcac913b
ep_bytes: 4883ec28e8bfb300004883c428e936fe
timestamp: 2020-11-10 00:01:15

Version Info:

FileVersion: 1.0.0.34
Comments: 바탕화면 런처 프로그램
FileDescription: AideLauncherPlus
ProductVersion: 3.3.14.5
CompanyName: AIDESOFT
LegalCopyright: @Copyrite(c) 2020 by AIDESOFT. All rights reserved.
Translation: 0x0412 0x04b0

Trojan.Win32.Fsysna.hrfj also known as:

  • Lionic: Trojan.Win32.Fsysna.4!c
  • MicroWorld-eScan: Trojan.GenericKD.38119693
  • FireEye: Trojan.GenericKD.38119693
  • McAfee: Artemis!0A4002BDD22D
  • K7AntiVirus: Riskware ( 0040eff71 )
  • Alibaba: Trojan:Win32/Fsysna.2e6e5c61
  • Paloalto: generic.ml
  • Kaspersky: Trojan.Win32.Fsysna.hrfj
  • BitDefender: Trojan.GenericKD.38119693
  • Ad-Aware: Trojan.GenericKD.38119693
  • Emsisoft: Trojan.GenericKD.38119693 (B)
  • McAfee-GW-Edition: BehavesLike.Win64.Generic.tc
  • Ikarus: Trojan.Fsysna
  • Avira: HEUR/AGEN.1139945
  • MAX: malware (ai score=81)
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • GData: Trojan.GenericKD.38119693
  • Cynet: Malicious (score: 99)
  • ALYac: Trojan.GenericKD.38119693
  • APEX: Malicious
  • MaxSecure: Trojan.Malware.300983.susgen

How to remove Trojan.Win32.Fsysna.hrfj?

Trojan.Win32.Fsysna.hrfj removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.