Ser.Razy.8924 malicious file

Ser.Razy.8924 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Ser.Razy.8924 virus do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Code injection with CreateRemoteThread in a remote process
  • Crashed cuckoomon during analysis. Report this error to the Github repo.
  • A process attempted to delay the analysis task by a long amount of time.
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • A system process is generating network traffic likely as a result of process injection
  • Behavior consistent with a dropper attempting to download the next stage.
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Exhibits behavior characteristics of Shifu malware.
  • Creates a hidden or system file
  • Attempts to identify installed AV products by registry key
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Attempts to access Bitcoin/ALTCoin wallets
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

Related domains:


How to determine Ser.Razy.8924?


File Info:

  • crc32: 037D2F62
  • md5: 7cef1a5d9188926f0bebccb573b0df61
  • name: 7CEF1A5D9188926F0BEBCCB573B0DF61.mlw
  • sha1: 66edb1a1b062b6f9845c8930c036c3a4b0ed5bb9
  • sha256: 55a6ac329fca1bc63bbb1f9d90bf1e980b3b3ea2c28ab4e3bc73e2764440c79a
  • sha512: c093f9c49ac999055cd6cf6b368deece9c468c74e3789b5c41fd3964294e6790574b7d6f358dc982b465bab3295c67aeee17368dab81d57540f92213bfd49a16
  • ssdeep: 3072:EZfGmOxRFaOflz37FbXtwnDuipDFMQRN1SO/qjWoCPs3hPsOraS87FYqjTZbn4T:EZvUF3lz37FbeDGcCOCCoCPs3hPswa1
  • type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Ser.Razy.8924 also known as:

Bkav W32.AIDetect.malware1
K7AntiVirus Spyware ( 0055e3db1 )
Elastic malicious (high confidence)
DrWeb BackDoor.Siggen.59895
Cynet Malicious (score: 100)
ALYac Gen:Variant.Ser.Razy.8924
Cylance Unsafe
Zillya Trojan.Blocker.Win32.31195
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
Alibaba Ransom:Win32/Blocker.316a97d4
K7GW Spyware ( 0055e3db1 )
Cybereason malicious.d91889
Cyren W32/Rbot.A.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Spy.Shiz.NCQ
APEX Malicious
Avast Win32:Shifu-B [Trj]
ClamAV Win.Trojan.Gamarue-9832405-0
Kaspersky Trojan-Ransom.Win32.Blocker.hnyt
BitDefender Gen:Variant.Ser.Razy.8924
NANO-Antivirus Trojan.Win32.Blocker.dvvioh
MicroWorld-eScan Gen:Variant.Ser.Razy.8924
Tencent Malware.Win32.Gencirc.10c722e3
Ad-Aware Gen:Variant.Ser.Razy.8924
Sophos Mal/Generic-R + Troj/Shiz-BO
Comodo TrojWare.Win32.Spy.Shiz.NCA@8m98i8
BitDefenderTheta Gen:NN.ZexaF.34692.kqW@aWle0Vm
VIPRE Trojan.Win32.Generic!BT
TrendMicro TSPY_SHIZ.C
McAfee-GW-Edition BehavesLike.Win32.Generic.cc
FireEye Generic.mg.7cef1a5d9188926f
Emsisoft Gen:Variant.Ser.Razy.8924 (B)
SentinelOne Static AI – Malicious PE
Jiangmin Trojan/Blocker.orm
Webroot W32.Blocker.Hnyt
Avira TR/Hijacker.Gen
eGambit Unsafe.AI_Score_99%
Antiy-AVL Trojan/Generic.ASMalwS.13E8961
Kingsoft Win32.Heur.KVMH017.a.(kcloud)
Microsoft Trojan:Win32/Ditertag.A
AegisLab Trojan.Win32.Generic.lZLo
ZoneAlarm Trojan-Ransom.Win32.Blocker.hnyt
GData Gen:Variant.Ser.Razy.8924
TACHYON Ransom/W32.Blocker.173056.B
AhnLab-V3 Trojan/Win32.Shifu.R163798
Acronis suspicious
McAfee Trojan-Shifu!7CEF1A5D9188
MAX malware (ai score=100)
VBA32 Hoax.Blocker
Panda Trj/Genetic.gen
TrendMicro-HouseCall TSPY_SHIZ.C
Rising Ransom.Blocker!8.12A (CLOUD)
Yandex Trojan.Blocker!mXbek67PcCw
Ikarus Trojan-Banker.ShiFu
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Generic.AP.2272DE!tr
AVG Win32:Shifu-B [Trj]
Paloalto generic.ml

How to remove Ser.Razy.8924?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
