Razy.391582 removal instruction

Razy.391582 is the Gen:Variant.Razy name that the Bitdefender-based engines (BitDefender, MicroWorld-eScan, Emsisoft, GData, VIPRE) report for this sample; most other engines classify it as a Trojan-Spy of the Panda (Zeus Panda) banking trojan family, as the detection list below shows. While the infection is active you may notice unexpected processes in the Task Manager list: the sandbox run summarised below shows the sample dropping and executing a second binary and injecting code into other processes. If you see this, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing this kind of infection by hand can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for the removal; the trial version lets you run a full scan and clean the PC.
6-day free trial available.

What can Razy.391582 do?

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the ZeusPanda malware family
  • Attempts to identify installed analysis tools by a known file location
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of Wine emulator via registry key
  • Detects Sandboxie using a known mutex
  • Creates a copy of itself
  • Checks for a known DeepFreeze Frozen State Mutex
  • Deletes executed files from disk
  • Collects information to fingerprint the system
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Razy.391582?

File Info:

name: CF8A34F3B11AE9A3361C.mlw
path: /opt/CAPEv2/storage/binaries/1b354ac705f3aa4013e381bb9069a93e77812e07e1d66a7178f64ed8ab9aa220
crc32: 7B07B529
md5: cf8a34f3b11ae9a3361ca249f8a77504
sha1: 251e77e57f08430a16cd141c204a74310ab6c538
sha256: 1b354ac705f3aa4013e381bb9069a93e77812e07e1d66a7178f64ed8ab9aa220
sha512: a81947099473f0485f2a9f839f91df8ade9d1ab50e7b74bd90e4111754aa52a244fd266dcd35b8a298ec5641f1ee3a0fadf61bf95feb351ad693e770c80ebe9c
ssdeep: 6144:3mf1lUPJm2N39GaRdr1w69lpMFip9KbB0fL8j6yWmf/2vh4d:dPE2CSrn9lpxWqD5k+e
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T106241807789AF9D1F10692F4674CCB9ADAE17CF04A24819B77E3BD9F92728C40E9C512
sha3_384: 333dbecc66ab44d3907477bbd4495bedab7a6403a50ce59fc0017c74212eac6ffbc53e72d3ba380ef9ce7811e945f033
ep_bytes: 558bec83ec3c8365e000c7059c214300
timestamp: 2018-04-21 15:00:20

Version Info:

CompanyName: The qBittorrent project
FileDescription: qBittorrent - A Bittorrent Client
FileVersion: v3.2.0
InternalName: qbittorrent
LegalCopyright: Copyright ©2006-2015 The qBittorrent project
OriginalFilename: qbittorrent.exe
ProductName: qBittorrent
ProductVersion: v3.2.0
Translation: 0x0409 0x04b0
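
To check a suspect file against these indicators offline, here is an added Python example (not GridinSoft's or CAPE's code). Using only the standard library it hashes the file, parses the PE header to recover the compile timestamp and the first 16 entry-point bytes that CAPE reports as ep_bytes, notes whether an Authenticode certificate table is present at all, and compares the results with the values listed above. The minimal PE it builds for demonstration is constructed here and is not the malware, so only the header-derived indicators match; the assumption that CAPE's timestamp is in UTC is marked in the code. Presence of a certificate table is not validity: confirm a signature with signtool verify or Get-AuthenticodeSignature on Windows. Parsing the RT_VERSION resource that carries the qBittorrent strings shown above is left out.

```python
"""Offline triage of a suspect PE against the Razy.391582 indicators on this page.

Added example, not GridinSoft's or CAPE's code. Pure standard library.
"""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the page's "File Info" section.
PAGE_IOCS = {
    "md5": "cf8a34f3b11ae9a3361ca249f8a77504",
    "sha1": "251e77e57f08430a16cd141c204a74310ab6c538",
    "sha256": "1b354ac705f3aa4013e381bb9069a93e77812e07e1d66a7178f64ed8ab9aa220",
    "ep_bytes": "558bec83ec3c8365e000c7059c214300",
    "timestamp": "2018-04-21 15:00:20",  # assumption: CAPE rendered this on a UTC host
}


def parse_pe(data: bytes) -> dict:
    """Return compile timestamp, first 16 entry-point bytes and Authenticode-table presence."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsect, tds, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    dd_base = 96 if magic == 0x10B else 112               # data directories: PE32 vs PE32+
    _sec_rva, sec_size = struct.unpack_from("<II", data, opt + dd_base + 4 * 8)  # SECURITY dir
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((vaddr, max(vsize, rawsize), rawptr))
    ep_off = None
    for vaddr, size, rawptr in sections:
        if vaddr <= ep_rva < vaddr + size:
            ep_off = rawptr + (ep_rva - vaddr)
            break
    if ep_off is None:
        raise ValueError("entry point lies outside every section (packer or corrupt header)")
    return {
        "timestamp": datetime.fromtimestamp(tds, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "has_authenticode_table": sec_size > 0,  # presence only; validity needs signtool
    }


def triage(data: bytes) -> dict:
    """Hash the file, parse it, and report which published indicators match."""
    found = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    found.update(parse_pe(data))
    matches = {k: found[k] == v for k, v in PAGE_IOCS.items()}
    return {
        "found": found,
        "matches": matches,
        "exact_sample": matches["sha256"],                    # same bytes as the analysed file
        "weak_pivot": matches["ep_bytes"] or matches["timestamp"],  # worth a closer look only
    }


def build_synthetic_pe(ep_code: bytes, timestamp: str) -> bytes:
    """Constructed minimal PE32 with one .text section; only the fields parse_pe() reads are set."""
    tds = int(datetime.strptime(timestamp, "%Y-%m-%d %H:%M:%S")
              .replace(tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew -> PE header at 64
    coff = struct.pack("<HHIIIHH", 0x014C, 1, tds, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                    # entry point at start of .text
    # SECURITY data directory left zero: no certificate table, like an unsigned dropper
    raw_ptr = 0x200
    sect = b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x1000, 0x1000, 0x200, raw_ptr) + bytes(16)
    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    return hdr.ljust(raw_ptr, b"\0") + ep_code.ljust(0x200, b"\0")


if __name__ == "__main__":
    # Real use: triage(open(path, "rb").read()); here a constructed sample stands in.
    sample = build_synthetic_pe(bytes.fromhex(PAGE_IOCS["ep_bytes"]), PAGE_IOCS["timestamp"])
    report = triage(sample)
    for key, ok in report["matches"].items():
        print(f"{key:10} {'MATCH' if ok else 'no match':9} {report['found'][key]}")
    print("exact sample:", report["exact_sample"], " weak pivot:", report["weak_pivot"])
```

A sha256 match means you hold the exact analysed file; the entry-point bytes and timestamp survive trivial re-hashing tricks such as appended bytes but also collide across unrelated builds, so treat them as a reason to look further, not as a verdict.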

Razy.391582 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Panda.l!c
MicroWorld-eScan: Gen:Variant.Razy.391582
FireEye: Generic.mg.cf8a34f3b11ae9a3
McAfee: GenericRXLW-MI!CF8A34F3B11A
Cylance: unsafe
Zillya: Trojan.Panda.Win32.273
Sangfor: Spyware.Win32.Panda.Vreu
K7AntiVirus: Trojan ( 0053c4bd1 )
Alibaba: TrojanSpy:Win32/Panda.cc77a8ad
K7GW: Trojan ( 0053c4bd1 )
Cybereason: malicious.3b11ae
BitDefenderTheta: Gen:NN.ZexaF.36348.mq0@aiNNnedi
VirIT: Trojan.Win32.MulDrop8.CFNF
Symantec: Packed.Generic.530
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/GenKryptik.CKSP
APEX: Malicious
Kaspersky: Trojan-Spy.Win32.Panda.bzg
BitDefender: Gen:Variant.Razy.391582
NANO-Antivirus: Trojan.Win32.GenKryptik.fhulqz
Avast: Win32:Malware-gen
Tencent: Win32.Trojan-Spy.Panda.Wmhl
TACHYON: Trojan-Spy/W64.Panda.210944
Emsisoft: Gen:Variant.Razy.391582 (B)
DrWeb: Trojan.MulDrop8.38875
VIPRE: Gen:Variant.Razy.391582
TrendMicro: TROJ_FRS.VSN0BI18
McAfee-GW-Edition: GenericRXLW-MI!CF8A34F3B11A
Trapmine: malicious.high.ml.score
Sophos: Troj/Hancitor-M
GData: Gen:Variant.Razy.391582
Jiangmin: TrojanSpy.Panda.mv
Webroot: W32.Trojan.Gen
Google: Detected
Antiy-AVL: Trojan[Spy]/Win32.Panda
Xcitium: Malware@#326ufmqerf0kv
Arcabit: Trojan.Razy.D5F99E
ViRobot: Trojan.Win32.Z.Panda.210944
ZoneAlarm: Trojan-Spy.Win32.Panda.bzg
Microsoft: Trojan:Win32/Zbot.SIBD25!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.C2703625
ALYac: Spyware.Banker.panda
MAX: malware (ai score=96)
VBA32: BScope.TrojanSpy.Panda
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_FRS.VSN0BI18
Rising: Trojan.Zbot!8.1C74 (TFE:3:ooITQ1RMPyR)
Yandex: Trojan.GenAsa!jZv8e6AWxbg
Ikarus: Trojan-Spy.Zbot
MaxSecure: Trojan.Malware.73763114.susgen
Fortinet: W32/Panda.BZG!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Razy.391582?

Razy.391582 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options you want, then click “Reset”.
  • Restart your computer.

Because most engines classify this sample as a Trojan-Spy or banking trojan (Trojan-Spy.Win32.Panda, Spyware.Banker.panda, Zbot), treat any passwords and online-banking sessions used on the infected machine as compromised: change them from a clean device after the removal, and make sure the dropped second binary reported by the sandbox was quarantined as well, not only the original file.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
