
How to remove “Razy.235593 (B)”?


Razy.235593 (B) is a detection name used by BitDefender, Emsisoft, GData and several other engines for a sample that CAPE sandbox analysis identified as the njRAT/Bladabindi remote access trojan (see the behaviour list and vendor names below). When this infection is active you may notice unfamiliar processes in Task Manager, a new autorun entry at Windows startup, and keystroke logging. In this case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Razy.235593 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the njRat malware family
  • Creates known Njrat/Bladabindi RAT registry keys
  • Uses suspicious command line tools or Windows utilities

How to identify Razy.235593 (B)?

The indicators below come from the CAPE sandbox report: file hashes for exact matching, and the version-resource strings the sample carries. Note that the entry-point bytes ff 25 00 20 40 00 are the standard jmp [0x402000] stub into the .NET runtime's _CorExeMain import, so despite the generic "PE32 executable (GUI) Intel 80386" type string this is a .NET/MSIL assembly, which agrees with the MSIL/Bladabindi names most vendors assign below.

File Info:

name: 662B52DF4E3FCACAE74F.mlw
path: /opt/CAPEv2/storage/binaries/3359e38cbb38ab9d54c621501db38e786568d8ff2dd123e819e615a7d30459e5
crc32: 5DF70223
md5: 662b52df4e3fcacae74f482e006395a6
sha1: 230ea467528edc62eb86a3f039aca788a2319873
sha256: 3359e38cbb38ab9d54c621501db38e786568d8ff2dd123e819e615a7d30459e5
sha512: dd461ee22c10a4c6f1375aae463e9f38188eec339dc0a6a20a21c279fc9ecd1fb7d476b18c09d7288659be42455feae84c9a5b34f8c87c75e9db79bae604b74d
ssdeep: 768:jL2s+tRyRpcnuElNSqjGj0ao090NW5yJZ6vlroX0gbBEWtTBcvHmByU:jL2s+7yRWuElBjTBWor67g++FcukU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12753AFEA3BE59C79CD6C5B3E53B04525037082179013EE2ECDE5A88BAA637C44949FF4
sha3_384: cfb2dfd819726190c31be684d12ff811138d8473f4d5cd03dfb901141f2f881a64cb9a6c0e94ccbd76894da4917ad9cf
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-01-29 05:14:22

Version Info:

Translation: 0x0000 0x04b0
CompanyName: hitagitator
FileDescription: thiefcommand
FileVersion: 19.16.46.70
InternalName: stagecontent.exe
LegalCopyright: habit © disrupt
OriginalFilename: stagecontent.exe
ProductName: emotional
ProductVersion: 19.16.46.70
Assembly Version: 19.16.46.70
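The hashes and version-resource strings above are enough to write a simple offline triage check. The following Python is an added example, not GridinSoft's tooling and not part of the CAPE report: it hashes a file and compares the result against the MD5/SHA-1/SHA-256 listed under File Info, and separately searches for the CompanyName, FileDescription and OriginalFilename strings, which a PE stores as UTF-16LE inside its VS_VERSIONINFO resource. The stand-in input FAKE_PE is constructed for the demonstration and is not the real sample, so it can only exercise the string heuristic; the verdict labels and the "two strings" threshold are assumptions of this example.

```python
"""Offline triage for the Razy.235593 (B) / njRAT sample described on this page.

Added example (not GridinSoft's code). Two independent checks:
  1. exact match of MD5 / SHA-1 / SHA-256 against the File Info hashes;
  2. presence of the version-resource strings, searched as UTF-16LE
     (how a PE version block stores them) and, as a fallback, as ASCII.
"""
import hashlib
import sys
from pathlib import Path

# Indicators copied from the File Info / Version Info sections above.
IOC_HASHES = {
    "md5": "662b52df4e3fcacae74f482e006395a6",
    "sha1": "230ea467528edc62eb86a3f039aca788a2319873",
    "sha256": "3359e38cbb38ab9d54c621501db38e786568d8ff2dd123e819e615a7d30459e5",
}
VERSION_STRINGS = ("hitagitator", "thiefcommand", "stagecontent.exe")


def hash_bytes(data: bytes) -> dict:
    """Return lowercase hex digests for every algorithm in IOC_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def matched_hashes(data: bytes) -> list:
    """Algorithms whose digest of `data` equals the page's IOC value."""
    digests = hash_bytes(data)
    return sorted(algo for algo, ioc in IOC_HASHES.items() if digests[algo] == ioc)


def matched_version_strings(data: bytes) -> list:
    """Version strings found in `data`, in VERSION_STRINGS order.

    The version resource is UTF-16LE, so that encoding is the primary needle;
    the ASCII form is accepted too in case the text was extracted elsewhere.
    """
    return [
        s for s in VERSION_STRINGS
        if s.encode("utf-16-le") in data or s.encode("ascii") in data
    ]


def assess(data: bytes) -> dict:
    """Combine both checks. Verdict labels are this example's own convention:
    a hash hit is conclusive for this exact binary; two or more version strings
    are only a hint that survives trivial repacking."""
    hashes = matched_hashes(data)
    strings = matched_version_strings(data)
    if hashes:
        verdict = "known-sample"
    elif len(strings) >= 2:  # assumed threshold for this example
        verdict = "suspicious"
    else:
        verdict = "no-match"
    return {"hashes": hashes, "version_strings": strings, "verdict": verdict}


def scan_path(path) -> dict:
    return assess(Path(path).read_bytes())


# Constructed stand-in, NOT the real sample: a fake MZ header followed by a
# UTF-16LE version block. Its hashes cannot match, so only the string
# heuristic fires on it.
FAKE_PE = b"MZ" + b"\x00" * 62 + "hitagitator\x00stagecontent.exe\x00".encode("utf-16-le")

if __name__ == "__main__":
    for p in sys.argv[1:]:
        print(p, scan_path(p))
    print("constructed stand-in:", assess(FAKE_PE))
```

Run it as `python3 triage.py <file> [<file> ...]`; with no arguments it only evaluates the constructed stand-in. Treat "suspicious" as a prompt to pull the file into a sandbox rather than as a verdict, since a version block is trivial for an attacker to change or reuse.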

Razy.235593 (B) also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.235593
CAT-QuickHeal: Trojan.Generic.TRFH5
McAfee: Packed-PM!662B52DF4E3F
Cylance: Unsafe
VIPRE: Backdoor.MSIL.Bladabindi.a (v)
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0053e65b1 )
BitDefender: Gen:Variant.Razy.235593
K7GW: Trojan ( 0053e65b1 )
Cybereason: malicious.f4e3fc
Baidu: MSIL.Backdoor.Bladabindi.a
Cyren: W32/MSIL_Kryptik.CRY.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.PSV
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.njRAT-7436651-0
Kaspersky: Trojan.MSIL.Disfa.bqd
Alibaba: Trojan:MSIL/Disfa.d3e953c1
Rising: Backdoor.Njrat!1.9E49 (CLASSIC)
Emsisoft: Gen:Variant.Razy.235593 (B)
Comodo: TrojWare.MSIL.Bladabindi.C@57iw6e
DrWeb: Trojan.DownLoader24.64059
TrendMicro: BKDR_BLADABI.SMI
McAfee-GW-Edition: Packed-PM!662B52DF4E3F
FireEye: Generic.mg.662b52df4e3fcaca
Sophos: Mal/Generic-R
Ikarus: Trojan.MSIL.Krypt
Avira: TR/Dropper.Gen7
Gridinsoft: Ransom.Win32.Bladabindi.sa
Microsoft: Trojan:MSIL/Remcos.PH!MTB
ZoneAlarm: Trojan.MSIL.Disfa.bqd
GData: Gen:Variant.Razy.235593
Cynet: Malicious (score: 100)
VBA32: Trojan.MSIL.Disfa
ALYac: Gen:Variant.Razy.235593
MAX: malware (ai score=81)
Malwarebytes: Malware.AI.519592961
Panda: Trj/CI.A
TrendMicro-HouseCall: BKDR_BLADABI.SMI
Tencent: Msil.Trojan.Disfa.Wmsx
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_100%
Fortinet: MSIL/CoinMiner.DTL!tr
BitDefenderTheta: Gen:NN.ZemsilF.34182.dm0@aKRJs
AVG: MSIL:Agent-DRD [Trj]
Avast: MSIL:Agent-DRD [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Razy.235593 (B)?

Razy.235593 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
