Should I remove “Razy.881549”?

Razy.881549 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Razy.881549 virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Sniffs keystrokes
  • A process attempted to delay the analysis task by a long amount of time.
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Creates known SpyNet mutexes and/or registry changes.
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
cochemas.hopto.org

How to identify Razy.881549?

File Info:

crc32: D450DA1E
md5: f8c43377633eaa75a1b7932e5f5c6e0e
name: F8C43377633EAA75A1B7932E5F5C6E0E.mlw
sha1: 1508140758d1f8601c06569aefdba54070687c66
sha256: 1a38420b58d30a28cbde249bac4a1fe2cefd0a87c7355402ceb26f50c8f71054
sha512: 0205525f1815773093bc8f39b320df4232ddca18d81c6adf3b8a87da2cfef2953e6dbf40d8879f787ae8e6cfe557552da10a01f36632d710f933ab68074c0d0e
ssdeep: 49152:/tRXJazcfwrQdn4HInJh9T/9j56/zLUIRLG80I4TV:/tRXJzwIYIn3Tj5E5Rr0I4x
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Abdio Software Inc
Assembly Version: 6.1.1.1
InternalName: Word-Reader5.5.exe
FileVersion: 2.1.2.3
CompanyName: Abdio Software Inc
LegalTrademarks: Word-Reader5.5
Comments: *Description*
ProductName: 2V3QM7J3x641814x63a259KC21
ProductVersion: 2.1.2.3
FileDescription: Read Docx,DOC,RTF,HTML,TXT,HTM,etc.
OriginalFilename: Word-Reader5.5.exe

Razy.881549 also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 0049be171 )
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoad4.662
ClamAV: Win.Trojan.Johnnie-7136133-1
McAfee: GenericRXEC-SF!F8C43377633E
Cylance: Unsafe
Zillya: Backdoor.Bladabindi.Win32.8774
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_70% (D)
K7GW: Trojan ( 0049be171 )
Cybereason: malicious.7633ea
Cyren: W32/Injector.MA.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.BPED
APEX: Malicious
Avast: Win32:Malware-gen
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.MSIL.Bladabindi.akuj
BitDefender: Gen:Variant.Razy.881549
NANO-Antivirus: Trojan.Win32.Bladabindi.exlsuz
MicroWorld-eScan: Gen:Variant.Razy.881549
Tencent: Malware.Win32.Gencirc.10ba56af
Ad-Aware: Gen:Variant.Razy.881549
Sophos: Mal/Generic-S
BitDefenderTheta: Gen:NN.ZevbaF.34236.Tn3@ayW@WKk
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Coinminer_MALXMR.SMV-WIN32
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
FireEye: Generic.mg.f8c43377633eaa75
Emsisoft: Gen:Variant.Razy.881549 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.MSIL.adnj
Avira: TR/Dropper.Gen
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Generic.ASMalwS.2446FA8
Microsoft: VirTool:Win32/VBInject.PI!bit
ZoneAlarm: Backdoor.MSIL.Bladabindi.akuj
GData: Gen:Variant.Razy.881549
AhnLab-V3: Backdoor/Win32.Bladabindi.R221426
VBA32: Backdoor.MSIL.Bladabindi
MAX: malware (ai score=86)
Malwarebytes: MachineLearning/Anomalous.100%
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Coinminer_MALXMR.SMV-WIN32
Yandex: Trojan.GenAsa!eu1rwZqqzUo
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.ANKG!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Razy.881549?

Razy.881549 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
