Trojanspy.Fbkatz (file analysis)

The Trojanspy.Fbkatz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojanspy.Fbkatz virus can do?

Executable code extraction
Creates RWX memory
Attempts to connect to a dead IP:Port (9 unique times)
At least one IP Address, Domain, or File Name was found in a crypto call
Network anomalies occured during the analysis.
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Uses Windows utilities for basic functionality
Queries information on disks, possibly for anti-virtualization
Steals private information from local Internet browsers
Collects information about installed applications
Generates some ICMP traffic
Collects information to fingerprint the system
Uses suspicious command line tools or Windows utilities

Related domains:

www.wdsfw34erf93.com

www.rationalowl.com

crt.usertrust.com

ocsp.comodoca.com

ocsp.usertrust.com

ocsp.sectigo.com

iplogger.org

apps.identrust.com

isrg.trustid.ocsp.identrust.com

ocsp.int-x3.letsencrypt.org

How to determine Trojanspy.Fbkatz?


File Info:
crc32: 0BF50A6A
md5: 9c6fdeb2af716fee153488d8e2288b86
name: upload_file
sha1: 9eddc3f78a070ce0eecb9d9091a7f4206cd00472
sha256: 3419cd3aa1836577742af73aefa4d0fd5a198cbc4474af670408e6752f0dd89e
sha512: 55d671e73c895226e99564e8ef3fd2b251bbb5fc45e86344403b83a041c5d7bcf75010db8ec1b4e7afef9f57d48d0e8767c57803302bcbbeaffa9c27aab3bfce
ssdeep: 196608:JIUtl0sOY4e7ik+TuKKhIS0CuxjS81goG1XPZjjKKqaslMIz1kDaZ1//oq4nTf39:u8WQ7F9KKhN0J1goG1F0aslMIz1bZ13a
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Trojanspy.Fbkatz also known as:

Elastic	malicious (high confidence)
CAT-QuickHeal	Trojanspy.Fbkatz
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
BitDefender	Trojan.GenericKD.34729064
K7GW	Trojan ( 00570bb91 )
K7AntiVirus	Trojan ( 00570bb91 )
Invincea	Mal/Generic-S
Cyren	W32/Trojan.FZGN-2908
Symantec	Trojan.Gen.MBT
APEX	Malicious
ClamAV	Win.Malware.Nemesis-9775649-0
Kaspersky	HEUR:Trojan-Dropper.Win32.Dapato.gen
Alibaba	TrojanPSW:Win32/Socelars.8ec66080
NANO-Antivirus	Trojan.Win32.Fbkatz.hvpzzm
Emsisoft	Trojan.GenericKD.34729064 (B)
Comodo	Malware@#v728lg4gb1ki
F-Secure	Trojan.TR/Kryptik.hxwkw
DrWeb	Trojan.PWS.Siggen2.57014
TrendMicro	TROJ_GEN.R011C0WJC20
McAfee-GW-Edition	BehavesLike.Win32.Generic.wc
FireEye	Generic.mg.9c6fdeb2af716fee
Sophos	Mal/Generic-S
Jiangmin	PSWTool.NetPass.tb
Avira	TR/AD.PredatorThief.HX
Microsoft	TrojanSpy:Win32/Socelars!MSR
Arcabit	Application.Heur.mmKfkyM2bMpO
ZoneAlarm	HEUR:Trojan-Dropper.Win32.Dapato.gen
GData	Win32.Trojan-Stealer.CoinStealer.UAS46U
Cynet	Malicious (score: 85)
AhnLab-V3	Unwanted/Win32.Mimikatz.C4191634
McAfee	Artemis!9C6FDEB2AF71
MAX	malware (ai score=85)
VBA32	BScope.Trojan.Wacatac
Malwarebytes	Trojan.Downloader
Panda	Trj/CI.A
ESET-NOD32	multiple detections
TrendMicro-HouseCall	TROJ_GEN.R011C0WJC20
Rising	Trojan.IPLogger!1.C3EB (CLASSIC:5:kMsZxfVInkV)
Yandex	Trojan.PWS.Agent!haHc1puF2MQ
Ikarus	Trojan.Win32.Krypt
Fortinet	W32/GenKryptik.ETPY!tr
AVG	Win32:MalwareX-gen [Trj]
Cybereason	malicious.78a070
Avast	Win32:MalwareX-gen [Trj]
Qihoo-360	Win32/Trojan.Dropper.9f4

How to remove Trojanspy.Fbkatz?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojanspy.Fbkatz (file analysis)