Categories: Malware

What is “Kazy.722671”?

The Kazy.722671 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Kazy.722671 virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Executable code extraction
Creates RWX memory
At least one IP Address, Domain, or File Name was found in a crypto call
Reads data out of its own binary image
Drops a binary and executes it
A scripting utility was executed
Detects Avast Antivirus through the presence of a library
Executed a process and injected code into it, probably while unpacking
Steals private information from local Internet browsers
Exhibits behavior characteristic of iSpy Keylogger
Installs itself for autorun at Windows startup
Stores JavaScript or a script command in the registry, likely for persistence or configuration
Creates a copy of itself
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients
The sample wrote data to the system hosts file.

Related domains:

javaw.ddns.net

How to determine Kazy.722671?


File Info:
crc32: 6B718B4Amd5: 442a61925e7a54c4f9681f472dc2b8b1name: wscriptsha1: ab399d6127afb5b43dc4faf94a3cfac09e9aaafasha256: 173557eccc24716b8997346fd19a1e40d34ea9ac85a86f0b4ed8bdfc15c43618sha512: b39ba1c2579fa64fa3987f8b9c578b8570f9b2c4827aafbc44b8adde2c603db80d22ad199479127f406dc1631d64bb88c4fce32a6d0e2d1cf6488e054033e715ssdeep: 12288:w7f7RDtf5Qh6ozGbjF268Br2MUWqnDonq6iv:wHRA/zGbjoRxJqnDonGtype: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Version Info:
Translation: 0x0000 0x04b0LegalCopyright: xa9 Microsoft Corporation. All rights reserved.Assembly Version: 5.8.7601.1828InternalName: wscript.exeFileVersion: 5.8.7601.1828CompanyName: xa9 Microsoft CorporationLegalTrademarks: Microsoft xae Windows Script HostComments: Microsoft xae Windows Based Script HostProductName: Microsoft xae Windows Script HostProductVersion: 5.8.7601.1828FileDescription: Microsoft xae Windows Based Script HostOriginalFilename: wscript.exe

Kazy.722671 also known as:

MicroWorld-eScan	Gen:Variant.Kazy.722671
McAfee	Artemis!442A61925E7A
Cylance	Unsafe
Zillya	Backdoor.Bladabindi.Win32.752
K7GW	Trojan ( 004b98841 )
K7AntiVirus	Trojan ( 004b98841 )
Arcabit	Trojan.Kazy.DB06EF
Invincea	heuristic
Symantec	ML.Attribute.HighConfidence
Paloalto	generic.ml
Kaspersky	Backdoor.MSIL.Bladabindi.hq
BitDefender	Gen:Variant.Kazy.722671
NANO-Antivirus	Trojan.Win32.Bladabindi.dvtkbd
Avast	Win32:Malware-gen
Tencent	Msil.Backdoor.Bladabindi.Paby
Ad-Aware	Gen:Variant.Kazy.722671
Emsisoft	Gen:Variant.Kazy.722671 (B)
F-Secure	Gen:Variant.Kazy.722671
DrWeb	Trojan.PWS.Siggen1.40784
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/Generic-S
SentinelOne	static engine – malicious
Jiangmin	Backdoor/MSIL.gqn
Webroot	Trojan.Dropper.Gen
Avira	BDS/Agent.694164
Antiy-AVL	Trojan[Backdoor]/MSIL.Bladabindi
Endgame	malicious (high confidence)
AegisLab	Backdoor.MSIL.Bladabindi.hq!c
ZoneAlarm	Backdoor.MSIL.Bladabindi.hq
GData	Gen:Variant.Kazy.722671
AhnLab-V3	Malware/Win32.Generic.C1042989
ALYac	Gen:Variant.Kazy.722671
AVware	Trojan.Win32.Generic!BT
MAX	malware (ai score=100)
VBA32	Backdoor.MSIL.Bladabindi
ESET-NOD32	MSIL/Agent.EI
Yandex	Backdoor.Bladabindi!Nn6MtuVt4Qs
Ikarus	Backdoor.MSIL
Fortinet	MSIL/TrojanDropper.AQ!tr
AVG	Win32:Malware-gen
Cybereason	malicious.25e7a5
Panda	Trj/CI.A
CrowdStrike	malicious_confidence_100% (D)