What is “Win32:Downloader-FRA [Trj]”?

The Win32:Downloader-FRA [Trj] detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32:Downloader-FRA [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Creates a copy of itself

How to identify Win32:Downloader-FRA [Trj]?

File Info:

name: 78D64844DB2490E004D0.mlw
path: /opt/CAPEv2/storage/binaries/8a7153b1f6698f6809ea64a4436b53ba9ab51e609ee708855809900e49e0ee67
crc32: 6665A128
md5: 78d64844db2490e004d0d3685701f3d1
sha1: bd0749396eec38b680572a3232e0be73ed520798
sha256: 8a7153b1f6698f6809ea64a4436b53ba9ab51e609ee708855809900e49e0ee67
sha512: 6a65d8607c6f2719b32276556d5d7c5bed1b79adcd7371e922d637d53f71815e99fb67b73f25f8d0301d5ac6c4afa5038a50978c29375a00af60b34e71c9ded3
ssdeep: 196608:2W/kGele2Tx3JGKTVqelrhAcwc0MCayd6Ig5FYRW:lcd3JGMY2hAHMCaxfsW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EF6633371D641498E46FCA3EF18152A8D16D28871FD2E4511F88DE1BC5039A2FBB3BE9
sha3_384: 491a6a6239d48d14a69569b6f0981212588ff8d2e5f10eff945cee54254afebe3685d1edea6e9fae491d040acfe0587b
ep_bytes: 60be00f04c008dbe0020f3ff57eb0b90
timestamp: 2004-05-11 00:17:46

Version Info:

CompanyName: Qper1 Software
FileDescription: Qper1 Internet Browser
FileVersion: 1190
InternalName: Qper1
LegalCopyright: Copyright © Qper1 Software 1995-2011
OriginalFilename: Qper1.exe
ProductName: Qper1 Internet Browser
ProductVersion: 11.01
Translation: 0x0409 0x04b0

Win32:Downloader-FRA [Trj] also known as:

Lionic: Trojan.Win32.Generic.4!c
DrWeb: Trojan.Packed.21467
MicroWorld-eScan: Gen:Variant.Kazy.12858
FireEye: Generic.mg.78d64844db2490e0
CAT-QuickHeal: Worm.SlenfBot.Gen
ALYac: Gen:Variant.Kazy.12858
Cylance: Unsafe
Zillya: Trojan.Generic.Win32.287569
Sangfor: Trojan.Win32.Kazy.12858
K7AntiVirus: Hacktool ( 005286b81 )
Alibaba: VirTool:Win32/Obfuscator.d299b989
K7GW: Hacktool ( 005286b81 )
Cybereason: malicious.4db249
BitDefenderTheta: Gen:NN.ZexaF.34212.@pNfa4JvVoic
VirIT: Trojan.Win32.Packed.BFTR
Cyren: W32/Sefnit.G.gen!Eldorado
Symantec: Trojan.ADH
ESET-NOD32: a variant of Win32/Kryptik.KSF
Paloalto: generic.ml
ClamAV: Win.Spyware.Zbot-1279
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Kazy.12858
NANO-Antivirus: Trojan.Win32.Kryptik.dfbfdz
Avast: Win32:Downloader-FRA [Trj]
Tencent: Malware.Win32.Gencirc.116abba8
Ad-Aware: Gen:Variant.Kazy.12858
Sophos: Mal/Generic-S + Mal/Zbot-CX
Comodo: TrojWare.Win32.TrojanSpy.Zbot.G@2tckk5
VIPRE: Trojan.Win32.Kryptik.lbu (v)
TrendMicro: WORM_KOLAB.SMB
McAfee-GW-Edition: W32/Pinkslipbot.gen.ae
Emsisoft: Gen:Variant.Kazy.12858 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Kazy.12858
Jiangmin: Trojan-Spy.AveMaria.a
Webroot: W32.Malware.Gen
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.1894CF0
Microsoft: Trojan:Win32/Sefnit.G
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.R3069
McAfee: Artemis!78D64844DB24
MAX: malware (ai score=100)
VBA32: Trojan.Zeus.EA.0999
TrendMicro-HouseCall: WORM_KOLAB.SMB
Rising: Exploit.ShellCode!8.2A (CLOUD)
Yandex: Trojan.GenAsa!jH0hWcT8CFM
Ikarus: Trojan-PWS.Win32.Zbot
MaxSecure: Trojan.Malware.2588.susgen
Fortinet: W32/Kryptik.NAS!tr
AVG: Win32:Downloader-FRA [Trj]
Panda: Bck/Qbot.AO
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Win32:Downloader-FRA [Trj]?

Win32:Downloader-FRA [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.