Razy.188653 removal guide

Razy.188653 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Razy.188653 virus do?

  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • .NET file is packed/obfuscated with Confuser
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Creates a copy of itself
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Razy.188653?


File Info:

name: 5F9927EA7DC9D55D93E7.mlw
path: /opt/CAPEv2/storage/binaries/52b23cd9d3329959a3ac560c22b936fbd43b2f0eb595dfaf30c27a1904bf7f32
crc32: 97807417
md5: 5f9927ea7dc9d55d93e7b6a723205236
sha1: 11d189f108d37636e88da8348462beed306f41e8
sha256: 52b23cd9d3329959a3ac560c22b936fbd43b2f0eb595dfaf30c27a1904bf7f32
sha512: 09dd3c9abc8aa772016fb8608fed81f0f82daf2854b0bd237586fa06d620ca26779febd8bed0647cd1e877856fd4c2d46c4a4b74be06f434f198cf16f9371f8f
ssdeep: 6144:5XUNbDDjolislHAHiJDGTryW3QJ7qptsRjUZIyHnS:iNbL2isl3JD+WW3QJSsRjUZjHn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10954F017A2C97FA2C1B910FA733303C5D749CE641257D61DE6E8B460687935B3A8E3CA
sha3_384: 45d45cc53094762dee5bd0de31f0b067daf0d8996415586f303bc3a5e3d85404fb3cd9e18e813347dbc34e8a2e10eba5
ep_bytes: ff250020400000000000000000000000
timestamp: 2019-04-14 18:29:10

Version Info:

Translation: 0x0000 0x04b0
FileDescription: 1
FileVersion: 1.0.0.0
InternalName: 1.exe
LegalCopyright: Copyright © 2019
OriginalFilename: 1.exe
ProductName: 1
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Razy.188653 also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.Generic.meyf
MicroWorld-eScan: Gen:Variant.Razy.188653
FireEye: Generic.mg.5f9927ea7dc9d55d
ALYac: Gen:Variant.Razy.188653
Malwarebytes: Backdoor.Bladabindi
Zillya: Trojan.Generic.Win32.825693
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005302041 )
BitDefender: Gen:Variant.Razy.188653
K7GW: Trojan ( 005302041 )
Cybereason: malicious.a7dc9d
Arcabit: Trojan.Razy.D2E0ED
VirIT: Trojan.Win32.Dnldr27.BHTN
Cyren: W32/S-5901d407!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Kryptik.LBY
Cynet: Malicious (score: 100)
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Zusy-6866357-0
Kaspersky: UDS:Trojan.Win32.Generic
Alibaba: Trojan:MSIL/Kryptik.7d90dcd7
NANO-Antivirus: Trojan.Win32.Kryptik.fpbzpf
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Generic.Szvt
Ad-Aware: Gen:Variant.Razy.188653
Sophos: Mal/Generic-R
Comodo: Malware@#zsuvuqz9npt6
DrWeb: Trojan.DownLoader27.22815
VIPRE: Gen:Variant.Razy.188653
Trapmine: suspicious.low.ml.score
Emsisoft: Gen:Variant.Razy.188653 (B)
Jiangmin: Trojan.Generic.egcob
Avira: HEUR/AGEN.1216908
Microsoft: Backdoor:MSIL/Bladabindi
GData: Gen:Variant.Razy.188653
Google: Detected
AhnLab-V3: Trojan/Win32.Bladabindi.C3160896
Acronis: suspicious
McAfee: Artemis!5F9927EA7DC9
MAX: malware (ai score=99)
Cylance: Unsafe
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:yRr/ElHnU7x3JUF/oWWFFQ)
Yandex: Trojan.Agent!n54MZ+lyCvU
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: MSIL/DotNet.LBY!tr
BitDefenderTheta: Gen:NN.ZemsilF.34606.sm0@aeUyCBb
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Razy.188653?

Razy.188653 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
