Razy.810157 removal instruction

Razy.810157 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Razy.810157 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Use of guard pages detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Razy.810157?

File Info:

name: 4D3A04BB364F40D4BBD1.mlw
path: /opt/CAPEv2/storage/binaries/292bb8e2a0e3ffe3b63d0d726e2010bf13aba6e3acfaefd2d6ad56d688800efa
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2020-11-25 19:00:54

Version Info:

Translation: 0x0000 0x04b0
Comments: yak)§?59%TI
CompanyName: uai729VZ3MD
FileDescription: uai729VZ3MD
FileVersion: 4.1.5.0
InternalName: btx2.exe
LegalCopyright: uai729VZ3MD
LegalTrademarks: yak)§?59%TI
OriginalFilename: btx2.exe
ProductName: yak)§?59%TI
ProductVersion: 4.1.5.0
Assembly Version: 4.2.4.5

Razy.810157 also known as:

  • Lionic: Trojan.MSIL.Bladabindi.m!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Razy.810157
  • FireEye: Generic.mg.4d3a04bb364f40d4
  • ALYac: Gen:Variant.Razy.810157
  • Cylance: Unsafe
  • VIPRE: Trojan.Win32.Generic!BT
  • Sangfor: Backdoor.MSIL.Bladabindi.gen
  • K7AntiVirus: Trojan ( 004b8b3a1 )
  • Alibaba: Backdoor:MSIL/Bladabindi.db487e8e
  • K7GW: Trojan ( 004b8b3a1 )
  • CrowdStrike: win/malicious_confidence_90% (W)
  • Baidu: MSIL.Trojan.Kryptik.a
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of MSIL/Kryptik.PM
  • APEX: Malicious
  • Paloalto: generic.ml
  • Kaspersky: HEUR:Backdoor.MSIL.Bladabindi.gen
  • BitDefender: Gen:Variant.Razy.810157
  • NANO-Antivirus: Trojan.Win32.Drop.cwbgey
  • Avast: Win32:Trojan-gen
  • Tencent: Msil.Backdoor.Bladabindi.Pdwk
  • Ad-Aware: Gen:Variant.Razy.810157
  • Emsisoft: Gen:Variant.Razy.810157 (B)
  • Comodo: TrojWare.MSIL.Agent.QO@6lc0hx
  • DrWeb: Win32.HLLW.Autoruner2.779
  • Zillya: Trojan.Kryptik.Win32.2701612
  • TrendMicro: TROJ_GEN.R002C0PB622
  • McAfee-GW-Edition: Trojan-FDWX!4D3A04BB364F
  • Sophos: Mal/Generic-R + Troj/MSIL-DLM
  • Ikarus: Trojan.Agent
  • GData: Gen:Variant.Razy.810157
  • Avira: BDS/Bladabindi.ajotq
  • Antiy-AVL: Trojan/Generic.ASMalwS.317E780
  • Gridinsoft: Ransom.Win32.Bladabindi.sa
  • Microsoft: Backdoor:Win32/Bladabindi!ml
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Trojan/Win32.Generic.C221851
  • McAfee: Trojan-FDWX!4D3A04BB364F
  • MAX: malware (ai score=84)
  • VBA32: TScope.Trojan.MSIL
  • Malwarebytes: MachineLearning/Anomalous.100%
  • TrendMicro-HouseCall: TROJ_GEN.R002C0PB622
  • Yandex: Trojan.Kryptik!rv/tW7YBnH4
  • SentinelOne: Static AI – Malicious PE
  • Fortinet: MSIL/Dropper.PM!tr
  • BitDefenderTheta: Gen:NN.ZemsilF.34212.hm0@aWj6@4c
  • AVG: Win32:Trojan-gen
  • Cybereason: malicious.b364f4
  • Panda: Trj/GdSda.A
  • MaxSecure: Trojan.Malware.300983.susgen

How to remove Razy.810157?

Razy.810157 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.