
What is “Trojan:Win32/Fherntok.A”?


Trojan:Win32/Fherntok.A is classified as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Fherntok.A virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard page use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • Enumerates the modules of a process (may be used to locate base addresses for process injection)
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Installs itself for autorun at Windows startup

How to identify Trojan:Win32/Fherntok.A?

File Info:

name: 25EB56D13913B8E86C37.mlw
path: /opt/CAPEv2/storage/binaries/e5924c1a11717639764f337052964ea2f70eca95af071d83a3ca767a41b75d72
crc32: 3842E94A
md5: 25eb56d13913b8e86c37b8789b34af02
sha1: aff0c6fad239a606decbf797eed0794ee5e42093
sha256: e5924c1a11717639764f337052964ea2f70eca95af071d83a3ca767a41b75d72
sha512: 43f54d64c94b44918b8d7efa0c25e30b0d4bdb03774bf919fc72c3658038a3457ac2414d171f1cb0ca512da5b05dbcc090b1fb1f09a886e9fd6e629bcaa1486f
ssdeep: 192:eV5cQhs4JFJJNgwRVbnlYJLIo6LTZ55Tm9KOh5b6buc:eVy8s4JrkwRW8fLTpm9Kwd
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T152223A1A67F08337CB1E07750DB3A6105B75C6166A2B9F5F28C892BA6D4324487836F2
sha3_384: 83d373fa788855dc9c58f8dbded675011e6fee3c85565848bd18d1ba780fb7a7b8384b5980604f7d66c146b4151929f1
ep_bytes: ff250020400000000000000000000000
timestamp: 2013-04-15 22:10:25

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: svchost.exe
LegalCopyright:
OriginalFilename: svchost.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:Win32/Fherntok.A is also known as (vendor: detection name):

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.BtcMine.83
MicroWorld-eScan: Gen:Heur.Variadic.A.348.1
FireEye: Generic.mg.25eb56d13913b8e8
McAfee: Artemis!25EB56D13913
Cylance: Unsafe
Zillya: Trojan.CoinMiner.Win32.186
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00476e2a1 )
Alibaba: Trojan:Win32/Fherntok.3243ab91
K7GW: Trojan ( 00476e2a1 )
Cybereason: malicious.13913b
BitDefenderTheta: Gen:NN.ZemsilF.34084.am0@a4!xLfo
Cyren: W32/Trojan.DIS.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/CoinMiner.AK
TrendMicro-HouseCall: TROJ_SPNR.07DL13
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.Variadic.A.348.1
NANO-Antivirus: Trojan.Win32.BtcMine.brdkdg
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
Avast: MSIL:BitCoinMiner-G [Trj]
Tencent: Win32.Trojan.Generic.Htct
Ad-Aware: Gen:Heur.Variadic.A.348.1
Sophos: Mal/Generic-S
Comodo: Malware@#2q5bi1ytx81jn
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_SPNR.07DL13
McAfee-GW-Edition: BehavesLike.Win32.Generic.lt
Emsisoft: Gen:Heur.Variadic.A.348.1 (B)
Ikarus: Trojan.MSIL.CoinMiner
GData: Gen:Heur.Variadic.A.348.1
Jiangmin: Trojan.Generic.wpqw
eGambit: Unsafe.AI_Score_96%
Avira: HEUR/AGEN.1124816
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Unknown
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Variadic.A.348.1
Microsoft: Trojan:Win32/Fherntok.A
AhnLab-V3: Trojan/Win32.Llac.R18525
VBA32: CIL.StupidStealth.Heur
ALYac: Gen:Heur.Variadic.A.348.1
Malwarebytes: Trojan.Agent.Gen
APEX: Malicious
Yandex: Trojan.Agent!zZttswe7fgw
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/Generic!tr
Webroot: W32.Trojan.Gen
AVG: MSIL:BitCoinMiner-G [Trj]
Panda: Trj/OCJ.E
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Fherntok.A?

Trojan:Win32/Fherntok.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.