Razy.866152 (B) removal

Razy.866152 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Razy.866152 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Use of guard pages detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer, likely to send to a C2 server
  • Collects information about installed applications
  • CAPE detected the DridexLoader malware family
  • Attempts to modify proxy settings

How to identify Razy.866152 (B)?

File Info:

name: 58A58EAA197FF0A01929.mlw
path: /opt/CAPEv2/storage/binaries/288bf7415195917aa73917239690f3d2ebb60e5f7b4043e000d63c36a5fe7e60
crc32: 9751139F
md5: 58a58eaa197ff0a01929b10045497160
sha1: 5c4ae8897d80d3be5ec41288ea584b5dbc0d718e
sha256: 288bf7415195917aa73917239690f3d2ebb60e5f7b4043e000d63c36a5fe7e60
sha512: 19266bb413c062b3c8064c7f8e2c6ebe68463616eec5f7a9ae3e4e99ffeecb1716395a9fb265d386fbf143f1fb48c49eb6cdeb844d274ea22b23ddbad3b961d0
ssdeep: 6144:fRP+tvAbB0TcAcig3SuEE/UPTYkkK795PuBSciRzWpIIjxmV:fgdAbPfh3SW/Uc5K73PuBMRYj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17D650102676BED6AC8168931EC13533293969F142BFB6847FA807ADD31E87E155323C2
sha3_384: 695c42559a19349d38438ed5d4055be22ff32a1d856d0d3ad8dfaa870302628a9c6ab95d564dba856e56a7bfbb8787f8
ep_bytes: 558bec83ec7cc745fc00000000c745f8
timestamp: 2021-06-19 22:46:41

Version Info:

CompanyName: Simon Tatham
ProductName: PuTTY suite
FileDescription: PuTTY SSH key generation utility
InternalName: PuTTYgen
OriginalFilename: PuTTYgen
FileVersion: Release 0.68
ProductVersion: Release 0.68
LegalCopyright: Copyright © 1997-2017 Simon Tatham.
Translation: 0x0809 0x04b0

Razy.866152 (B) is also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.58a58eaa197ff0a0
CAT-QuickHeal: Trojan.MultiPMF.S21217860
ALYac: Gen:Variant.Razy.866152
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.3331936
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/ClipBanker.e524ec58
K7GW: Trojan ( 0057e3421 )
K7AntiVirus: Trojan ( 0057e3421 )
Cyren: W32/Kryptik.EJP.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HLJZ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Bsymem.pef
BitDefender: Gen:Variant.Razy.866152
NANO-Antivirus: Trojan.Win32.Dridex.iwobyt
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
MicroWorld-eScan: Gen:Variant.Razy.866152
Avast: Win32:BankerX-gen [Trj]
Tencent: Malware.Win32.Gencirc.10ce6037
Ad-Aware: Gen:Variant.Razy.866152
Emsisoft: Gen:Variant.Razy.866152 (B)
DrWeb: Trojan.Dridex.735
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-R + Mal/EncPk-APV
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Razy.866152
Jiangmin: Trojan.Multi.bcw
Avira: HEUR/AGEN.1207801
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASMalwS.3319637
Microsoft: Trojan:Win32/ClipBanker.RM!MTB
AhnLab-V3: Trojan/Win.QakBot.R426423
McAfee: GenericRXAA-AA!58A58EAA197F
TACHYON: Trojan/W32.Bsymem.1513984
VBA32: BScope.Trojan-Spy.Zbot
Malwarebytes: Malware.AI.4291400004
Rising: Trojan.Kryptik!1.D606 (CLOUD)
Ikarus: Trojan.Win32.Dridex
MaxSecure: Trojan.Malware.82199810.susgen
Fortinet: W32/GenKryptik.FMFO!tr
BitDefenderTheta: Gen:NN.ZexaF.34212.CP0@aalUiHci
AVG: Win32:BankerX-gen [Trj]
Cybereason: malicious.a197ff
Panda: Trj/GdSda.A

How to remove Razy.866152 (B)?

Razy.866152 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.