Malware

What is “Kazy.722671”?

Malware Removal

The Kazy.722671 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Kazy.722671 virus can do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Executable code extraction
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • A scripting utility was executed
  • Detects Avast Antivirus through the presence of a library
  • Executed a process and injected code into it, probably while unpacking
  • Steals private information from local Internet browsers
  • Exhibits behavior characteristic of iSpy Keylogger
  • Installs itself for autorun at Windows startup
  • Stores JavaScript or a script command in the registry, likely for persistence or configuration
  • Creates a copy of itself
  • Harvests credentials from local FTP client softwares
  • Harvests information related to installed instant messenger clients
  • The sample wrote data to the system hosts file.

Related domains:

javaw.ddns.net

How to determine Kazy.722671?



File Info:

crc32: 6B718B4A
md5: 442a61925e7a54c4f9681f472dc2b8b1
name: wscript
sha1: ab399d6127afb5b43dc4faf94a3cfac09e9aaafa
sha256: 173557eccc24716b8997346fd19a1e40d34ea9ac85a86f0b4ed8bdfc15c43618
sha512: b39ba1c2579fa64fa3987f8b9c578b8570f9b2c4827aafbc44b8adde2c603db80d22ad199479127f406dc1631d64bb88c4fce32a6d0e2d1cf6488e054033e715
ssdeep: 12288:w7f7RDtf5Qh6ozGbjF268Br2MUWqnDonq6iv:wHRA/zGbjoRxJqnDonG
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows


Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: xa9 Microsoft Corporation. All rights reserved.
Assembly Version: 5.8.7601.1828
InternalName: wscript.exe
FileVersion: 5.8.7601.1828
CompanyName: xa9 Microsoft Corporation
LegalTrademarks: Microsoft xae Windows Script Host
Comments: Microsoft xae Windows Based Script Host
ProductName: Microsoft xae Windows Script Host
ProductVersion: 5.8.7601.1828
FileDescription: Microsoft xae Windows Based Script Host
OriginalFilename: wscript.exe

Kazy.722671 also known as:

MicroWorld-eScanGen:Variant.Kazy.722671
McAfeeArtemis!442A61925E7A
CylanceUnsafe
ZillyaBackdoor.Bladabindi.Win32.752
K7GWTrojan ( 004b98841 )
K7AntiVirusTrojan ( 004b98841 )
ArcabitTrojan.Kazy.DB06EF
Invinceaheuristic
SymantecML.Attribute.HighConfidence
Paloaltogeneric.ml
KasperskyBackdoor.MSIL.Bladabindi.hq
BitDefenderGen:Variant.Kazy.722671
NANO-AntivirusTrojan.Win32.Bladabindi.dvtkbd
AvastWin32:Malware-gen
TencentMsil.Backdoor.Bladabindi.Paby
Ad-AwareGen:Variant.Kazy.722671
EmsisoftGen:Variant.Kazy.722671 (B)
F-SecureGen:Variant.Kazy.722671
DrWebTrojan.PWS.Siggen1.40784
VIPRETrojan.Win32.Generic!BT
McAfee-GW-EditionArtemis!Trojan
SophosMal/Generic-S
SentinelOnestatic engine – malicious
JiangminBackdoor/MSIL.gqn
WebrootTrojan.Dropper.Gen
AviraBDS/Agent.694164
Antiy-AVLTrojan[Backdoor]/MSIL.Bladabindi
Endgamemalicious (high confidence)
AegisLabBackdoor.MSIL.Bladabindi.hq!c
ZoneAlarmBackdoor.MSIL.Bladabindi.hq
GDataGen:Variant.Kazy.722671
AhnLab-V3Malware/Win32.Generic.C1042989
ALYacGen:Variant.Kazy.722671
AVwareTrojan.Win32.Generic!BT
MAXmalware (ai score=100)
VBA32Backdoor.MSIL.Bladabindi
ESET-NOD32MSIL/Agent.EI
YandexBackdoor.Bladabindi!Nn6MtuVt4Qs
IkarusBackdoor.MSIL
FortinetMSIL/TrojanDropper.AQ!tr
AVGWin32:Malware-gen
Cybereasonmalicious.25e7a5
PandaTrj/CI.A
CrowdStrikemalicious_confidence_100% (D)

How to remove Kazy.722671?

Kazy.722671 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment