Ser.Razy.4158 (B) removal instruction

The Ser.Razy.4158 (B) detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ser.Razy.4158 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup

How to identify Ser.Razy.4158 (B)?

File Info:

name: A28583CBC98B62B0CEAC.mlw
path: /opt/CAPEv2/storage/binaries/8eee264d44e3c2525c8bd00a7170e905b8826c65c614f14f4ca2817b9eed5a52
crc32: B61AFCDD
md5: a28583cbc98b62b0ceaca6cadf2cbdaf
sha1: 8535a1f089753186361055b764c31be0ed6ba1f3
sha256: 8eee264d44e3c2525c8bd00a7170e905b8826c65c614f14f4ca2817b9eed5a52
sha512: be91f1cff5d60c93ffce80722e38088addabed5cf2b8dfb71f447f4ae8228cdcea0d7d620e85cf9a564ac79108f24752da4745fb75046f80ba8c6cea39b3d7a3
ssdeep: 12288:ABP1hcvzHRVdphtSBVU1ANsBEjq/Fh2fx:A9LQHdqdu9mx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E5D4AE19FB427A1AC1A3493D8915C2E0A7A6DD03AD51AE0FF4C0760FBA394D74E173DA
sha3_384: 022121c113bf6bd016146a8cce8aebc4b0e37b59087048e4b3893e14568a4994af298efa2722e208f681c43d28d664bb
ep_bytes: ff250020400000000000000000000000
timestamp: 2017-02-16 09:06:12

Version Info:

Translation: 0x0000 0x04b0
CompanyName: ойHшدтa
FileDescription: شىSفB
FileVersion: 1.2.6.4
InternalName: ضodK.exe
LegalCopyright: 2013
OriginalFilename: ضodK.exe
ProductVersion: 1.2.6.4
Assembly Version: 1.6.0.4

Ser.Razy.4158 (B) also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ser.Razy.4158
McAfee: GenericRXAO-AQ!A28583CBC98B
Cylance: Unsafe
VIPRE: Gen:Variant.Ser.Razy.4158
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0048f06e1 )
BitDefender: Gen:Variant.Ser.Razy.4158
K7GW: Trojan ( 0048f06e1 )
Cybereason: malicious.bc98b6
Arcabit: Trojan.Ser.Razy.D103E
Baidu: MSIL.Worm.Agent.ag
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of MSIL/Agent.JR
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: Trojan:MSIL/Generic.1c20fb96
NANO-Antivirus: Trojan.Win32.Agent.esceoe
Rising: Trojan.Generic/MSIL@AI.98 (RDM.MSIL:3se168ppSLtrotng0dsrwA)
Ad-Aware: Gen:Variant.Ser.Razy.4158
Emsisoft: Gen:Variant.Ser.Razy.4158 (B)
DrWeb: Trojan.DownLoader14.12277
Zillya: Trojan.Pastey.Win32.38
McAfee-GW-Edition: GenericRXAO-AQ!A28583CBC98B
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.a28583cbc98b62b0
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1221785
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Generic.ASMalwS.4A4B
Microsoft: Trojan:Win32/Skeeyah.A!rfn
GData: Gen:Variant.Ser.Razy.4158
Cynet: Malicious (score: 99)
AhnLab-V3: Worm/Win32.Agent.R146456
Acronis: suspicious
ALYac: Gen:Variant.Ser.Razy.4158
Panda: Trj/GdSda.A
Tencent: Msil.Worm.Agent.Llgv
Yandex: Trojan.PWS.Pastey!VybXZ6kkd2M
Ikarus: Worm.MSIL.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Agent.JR!tr
BitDefenderTheta: Gen:NN.ZemsilF.34806.Km0@ai8ryvm
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Ser.Razy.4158 (B)?

Ser.Razy.4158 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment