Should I remove “Razy.738158”?

Razy.738158 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Razy.738158 virus do?

  • Executable code extraction
  • Creates RWX memory
  • Drops a binary and executes it
  • Sniffs keystrokes
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself
  • Attempts to create or modify system certificates
  • Makes SMTP requests, possibly sending spam or exfiltrating data.

Related domains:

z.whorecord.xyz
a.tomx.xyz
smtp.gmail.com

How to identify Razy.738158?


File Info:

crc32: 89C67CB8
md5: b142181589f2664efd8facab594d4010
name: B142181589F2664EFD8FACAB594D4010.mlw
sha1: 9a81b0660f280361a5124cbae7771814b41200b0
sha256: 380bb929c31502121b26dc652b716ad498ef5dfe5feaf043a0828048cd845e59
sha512: c3b46d8668503ef0dc8d0f66fff22569301522dcdf2dfd69a6d6ff0da1d1fe2bcad6f4d0c4e60e050700205a0d68b8d5d36d56d05069438bd9e361e3aa7c0f84
ssdeep: 768:FgPL9XpxFMWSfY3ojYWo8YgMADW3lw4MTOlSFC7LZ:FgPwY3dWPuSb4nouZ
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Telegfars 2018
Assembly Version: 1.0.0.1
InternalName: milad.exe
FileVersion: 0.0.0.2
CompanyName: Telegfars 2018
Comments: Telegram Add Memmber
ProductName: 2018
ProductVersion: 0.0.0.2
FileDescription: Telegram Add Memmber
OriginalFilename: milad.exe

Razy.738158 also known as:

Lionic Trojan.Win32.Generic.4!c
DrWeb Trojan.MulDrop8.15471
McAfee Artemis!B142181589F2
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (D)
K7GW Spyware ( 003624591 )
K7AntiVirus Spyware ( 003624591 )
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Spy.Keylogger.AJV
APEX Malicious
Avast Win32:Malware-gen
Cynet Malicious (score: 99)
Kaspersky Trojan-Ransom.Win32.Blocker.kyqi
BitDefender Gen:Variant.Razy.738158
NANO-Antivirus Trojan.Win32.Blocker.faolho
MicroWorld-eScan Gen:Variant.Razy.738158
Tencent Win32.Trojan.Blocker.Pcic
Ad-Aware Gen:Variant.Razy.738158
Sophos Mal/Generic-S
BitDefenderTheta Gen:NN.ZemsilF.34058.cm0@aG4eC@c
VIPRE Trojan.Win32.Generic!BT
FireEye Generic.mg.b142181589f2664e
Emsisoft Gen:Variant.Razy.738158 (B)
SentinelOne Static AI – Malicious PE
Jiangmin Trojan.Blocker.qwb
Avira TR/Spy.Gen
Microsoft Backdoor:Win32/Bladabindi!ml
Arcabit Trojan.Razy.DB436E
ZoneAlarm Trojan-Ransom.Win32.Blocker.kyqi
GData Gen:Variant.Razy.738158
MAX malware (ai score=99)
Malwarebytes Generic.Malware/Suspicious
Panda Trj/GdSda.A
Yandex Trojan.Blocker!FPRmEAFMfuo
Ikarus Trojan.Msil
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Agent.BO!tr.spy
AVG Win32:Malware-gen
Paloalto generic.ml
Qihoo-360 Win32/Ransom.Blocker.HgIASVUA

How to remove Razy.738158?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
