Malware

Razy.650765 removal

Malware Removal

The Razy.650765 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Razy.650765 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Creates known Njrat/Bladabindi RAT registry keys
  • Uses csc.exe C# compiler to build and execute code
  • Uses suspicious command line tools or Windows utilities

Related domains:

habibx.ddns.net
wpad.local-net

How to determine Razy.650765?



File Info:

name: 3E7E2BCE2051398EDD60.mlw
path: /opt/CAPEv2/storage/binaries/9a5c028a3ca96e2e68881e207050cedfe8a8e66b0405f6eda0582c07b697dde2
crc32: C84EE173
md5: 3e7e2bce2051398edd60bdc54074cbc1
sha1: 70247c1225bbfebe197471457d8c2ec1047c82ae
sha256: 9a5c028a3ca96e2e68881e207050cedfe8a8e66b0405f6eda0582c07b697dde2
sha512: 0eebaa2bda46e13d6ad9ab486a9651296c5911da82fd2ff21d6f75edea42d1e13986a0e6f6e69fffcf5824b42ac25affcd438a37ae245b0a6172408555ddccd0
ssdeep: 768:gM+7Y8mNJefVhgETsT/ycz3obFJ8BG6Fb/Q31luKESo8636U1mBTSaSz0L:2rU0XCZz3QyG6FbQlu3SoFz1mN9L
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FD43C092765CB371CA1FCF3285E10283B7B7D65B8C13DB99B4CF89424FA1AE81D21526
sha3_384: 845d999426af8e2d46e61bf92b16b66ce8c85396b0b74b8dd13b59acd0636faa1fc1a985f7d0cdcfe391ce486da81bed
ep_bytes: ff250020400000000000000000000000
timestamp: 2017-10-24 14:47:42


Version Info:

Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 1.0.0.0
InternalName: 8bpruller.exe
LegalCopyright:  
OriginalFilename: 8bpruller.exe
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Razy.650765 also known as:

LionicTrojan.Win32.Generic.loKa
Elasticmalicious (high confidence)
DrWebTrojan.DownLoader24.58366
MicroWorld-eScanGen:Variant.Razy.650765
FireEyeGeneric.mg.3e7e2bce2051398e
ALYacGen:Variant.Razy.650765
CylanceUnsafe
ZillyaTrojan.Injector.Win32.590515
SangforBackdoor.MSIL.Bladabindi.mt
K7AntiVirusTrojan ( 700000121 )
AlibabaBackdoor:MSIL/Injector.dc393af8
K7GWTrojan ( 700000121 )
CrowdStrikewin/malicious_confidence_100% (W)
BitDefenderThetaGen:NN.ZemsilF.34294.dm0@aGndbep
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/Injector.CDQ
TrendMicro-HouseCallBKDR_BLADABINDI.SMSH
Paloaltogeneric.ml
ClamAVWin.Packed.Generic-7372636-0
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Razy.650765
NANO-AntivirusTrojan.Win32.CDQ.dbjagq
AvastWin32:KeyloggerX-gen [Trj]
TencentWin32.Trojan.Generic.Lmve
Ad-AwareGen:Variant.Razy.650765
SophosMal/Generic-R + Mal/Kryptik-S
ComodoMalware@#32mbt7h7k6uvw
VIPRETrojan.Win32.Generic!BT
TrendMicroBKDR_BLADABINDI.SMSH
McAfee-GW-EditionBehavesLike.Win32.Generic.qm
EmsisoftGen:Variant.Razy.650765 (B)
SentinelOneStatic AI – Malicious PE
GDataGen:Variant.Razy.650765
JiangminTrojan.Generic.brbdp
MaxSecureTrojan.Malware.300983.susgen
AviraTR/Dropper.Gen
MAXmalware (ai score=100)
Antiy-AVLTrojan/Generic.ASMalwS.22B48ED
KingsoftWin32.Troj.Undef.(kcloud)
ArcabitTrojan.Razy.D9EE0D
MicrosoftBackdoor:MSIL/Bladabindi
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.RL_Generic.C3513294
McAfeeGenericRXBS-MC!3E7E2BCE2051
VBA32Trojan.Downloader
MalwarebytesBackdoor.Bladabindi.Generic
APEXMalicious
YandexTrojan.Agent!/GT+79OVqWA
IkarusVirus.ILCrypt
eGambitUnsafe.AI_Score_95%
FortinetMSIL/Dropper.ESN!tr
WebrootW32.Injector.Gen
AVGWin32:KeyloggerX-gen [Trj]
Cybereasonmalicious.e20513
PandaTrj/CI.A

How to remove Razy.650765?

Razy.650765 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment