Razy.110688 (file analysis)

Razy.110688 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Razy.110688 virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • The binary likely contains encrypted or compressed data.
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Detects the presence of Wine emulator via registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Creates a copy of itself
  • Anomalous binary characteristics

How to determine Razy.110688?

File Info:

crc32: F477FCFC
md5: 2f245242ece68598e9468af4c9659c8f
name: btc.exe
sha1: b2c0fa037c9fe3d6eb005c21ec4affc73af40e25
sha256: 224985a2c85ceec2ec30595243ca1aded93e883eacbf53ba4c6182324f6ef0a8
sha512: d416bab75d2cd928e60e908e341b05c7266022387fdc95ee767d64b6795a5a708ebb90047b170261b3beb438fe3b4eb2d238a37e5471e41b95f1379cf338db62
ssdeep: 49152:BnMbo8CHj2179AGg7P1Ule3HIU2L3oKfAe0Cg5kVn:BF877GXxUle3IU2L3oKYpL5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
Assembly Version: 5.0.0.0
InternalName: ACS.exe
FileVersion: 8.0.0.0
ProductVersion: 8.0.0.0
FileDescription: ACService
OriginalFilename: ACS.exe

Razy.110688 also known as:

Bkav: W32.HfsAutoB.
MicroWorld-eScan: Gen:Variant.Razy.110688
FireEye: Generic.mg.2f245242ece68598
McAfee: Artemis!2F245242ECE6
Cylance: Unsafe
Sangfor: Malware
BitDefender: Gen:Variant.Razy.110688
Cybereason: malicious.2ece68
BitDefenderTheta: Gen:NN.ZexaF.34090.Qx0@ayRDq4c
APEX: Malicious
Kaspersky: UDS:DangerousObject.Multi.Generic
Alibaba: TrojanBanker:MSIL/BitStealer.9dd7a0c7
AegisLab: Trojan.Multi.Generic.4!c
Rising: Malware.Strealer!8.1EF (CLOUD)
Ad-Aware: Gen:Variant.Razy.110688
Emsisoft: Gen:Variant.Razy.110688 (B)
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.wh
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Ikarus: Win32.Outbreak
MAX: malware (ai score=83)
Endgame: malicious (high confidence)
Arcabit: Trojan.Razy.D1B060
Microsoft: Trojan:Win32/Occamy.C
ALYac: Gen:Variant.Razy.110688
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/Packed.Themida.HEK
Tencent: Msil.Trojan-banker.Bitstealer.Hsiu
SentinelOne: DFI - Suspicious PE
eGambit: Unsafe.AI_Score_64%
GData: Gen:Variant.Razy.110688
AVG: FileRepMalware
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_80% (W)
Qihoo-360: Generic/Trojan.f3a

How to remove Razy.110688?

Razy.110688 removal tool:

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.