Razy.802888 removal tips

Razy.802888 is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Razy.802888 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

How to identify Razy.802888?

File Info:

name: 1B59C70369994F9EA13F.mlw
path: /opt/CAPEv2/storage/binaries/ab871be626cf2d0a235618bc4430acee848d81ef64504dc15bf5aef01db3691a
crc32: C7B621A3
md5: 1b59c70369994f9ea13fef493ba9ff0c
sha1: 5c2e8c2844a3a73cedec61b32897d75855218592
sha256: ab871be626cf2d0a235618bc4430acee848d81ef64504dc15bf5aef01db3691a
sha512: ac3bf98e9de603a2542df8a9efa77564533f0c5a9bae5835d106f5a27e5ed1075f6afb739a92403af2426fea6b6a7cbf0f08b725e8b849cf969a757db398fcf3
ssdeep: 3072:lVcN2z3Aa/ZNclQXvr9kc3pBXBA6Yhr99HFDduXCaONRY7xBwf2:lJalcnf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17A04EA518311A7ADB4CCFCF5B298FE7B2675C8E90CA039185E1187CA6D28D8174F3E66
sha3_384: dcb415745c472d05307866c04705716eba7b109b758e29b23b04b61c98a23cfb5d5e4c606c976557600ffcf33c9f492e
ep_bytes: ff250020400000000000000000000000
timestamp: 2016-01-17 15:24:05

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: hiho.exe
LegalCopyright:
OriginalFilename: hiho.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Razy.802888 is also known as (vendor: detection name):

Lionic: Trojan.MSIL.Generic.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.1b59c70369994f9e
ALYac: Gen:Variant.Razy.802888
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055e39a1 )
Alibaba: Trojan:MSIL/Injector.73acb8b3
K7GW: Trojan ( 0055e39a1 )
Cybereason: malicious.369994
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Injector.CLD
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.MSIL.Generic
BitDefender: Gen:Variant.Razy.802888
MicroWorld-eScan: Gen:Variant.Razy.802888
Avast: Win32:Malware-gen
Tencent: Msil.Trojan.Tpyn.Dzan
Emsisoft: Gen:Variant.Razy.802888 (B)
Comodo: Malware@#zhw9mp6e59nh
DrWeb: Trojan.DownLoader18.59961
Zillya: Trojan.Tpyn.Win32.55
McAfee-GW-Edition: BehavesLike.Win32.Generic.cm
Sophos: ML/PE-A + Mal/MSIL-RD
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.MSIL.ahzg
Avira: TR/Dropper.MSIL.Gen
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASMalwS.16A637A
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Backdoor:MSIL/Bladabindi
ZoneAlarm: HEUR:Trojan.MSIL.Generic
GData: Gen:Variant.Razy.802888
McAfee: Artemis!1B59C7036999
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:OzVqSkwBgzCQWxcyLxeFeA)
Yandex: Trojan.Tpyn!02gXvTod1lc
Ikarus: Trojan.MSIL.Injector
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Dropper.VPC!tr
BitDefenderTheta: Gen:NN.ZemsilF.34182.km0@aGaHwqn
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Razy.802888?

Razy.802888 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
