Categories: Malware

Tedy.60522 removal

The Tedy.60522 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Tedy.60522 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Created a service that was not started

How to determine Tedy.60522?



File Info:

name: 6499BF7F6410281C35B1.mlwpath: /opt/CAPEv2/storage/binaries/8f60960023d9dc34daafcea6ca9f279108cf978061fecd19efded3314f9bd1adcrc32: 7BCB9421md5: 6499bf7f6410281c35b1f1d27bdbe1cfsha1: 4ad8e2f6d8b2e026861677f5f24c87029b723050sha256: 8f60960023d9dc34daafcea6ca9f279108cf978061fecd19efded3314f9bd1adsha512: b5afd16b5fa6190f97c7284afee8c65a7f71c5d3c4081be4254cfa5f3f60192f9be65f3d156b81a745115899a857a5d6b4aae031032874703ab13c8e582251d6ssdeep: 49152:jA3VGgBq+Cujvdh8LSWQibdk62Oaefjipm6iOOxblm:jxzlujFh5WQibecUiPltype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1279501386332C06AC49017B8DC6D9AF5163C3F70F674D983B3B87D867A71682B627295sha3_384: 46ebde7f1a79600e56e5896f7cb1736fb637a641b7083e2474e360443e8a1339136b25a19b1a7a3de532e52dab8be395ep_bytes: 558bec6aff6808ac5700687087570064timestamp: 2021-12-02 05:21:51

Version Info:

0: [No Data]

Tedy.60522 also known as:

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Razy.a!c
Elastic malicious (high confidence)
FireEye Generic.mg.6499bf7f6410281c
McAfee GenericRXRA-PA!6499BF7F6410
Cylance Unsafe
Sangfor Trojan.Win32.Razy.gen
K7AntiVirus Trojan ( 005606b51 )
Alibaba TrojanDownloader:Win32/Kryptik.f4efe70a
K7GW Trojan ( 005606b51 )
Cybereason malicious.6d8b2e
Cyren W32/FakeAlert.FY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HBAI
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Downloader.Win32.Razy.gen
BitDefender Gen:Variant.Tedy.60522
MicroWorld-eScan Gen:Variant.Tedy.60522
Avast Win32:CrypterX-gen [Trj]
Tencent Win32.Trojan-downloader.Razy.Woqb
Ad-Aware Gen:Variant.Tedy.60522
Emsisoft Gen:Variant.Tedy.60522 (B)
DrWeb Trojan.Siggen16.1839
TrendMicro TROJ_GEN.R002C0WL921
McAfee-GW-Edition BehavesLike.Win32.Worm.tc
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Crypt
GData Win32.Trojan.PSE.1QRPSAL
Avira HEUR/AGEN.1142521
Antiy-AVL Trojan/Win32.Kryptik
Gridinsoft Ransom.Win32.Sabsik.sa
Arcabit Trojan.Tedy.DEC6A
Microsoft Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3 Trojan/Win.Generic.R455965
BitDefenderTheta Gen:NN.ZexaF.34114.9DW@aqBB@Uzi
ALYac Gen:Variant.Tedy.60522
MAX malware (ai score=89)
VBA32 TrojanDownloader.Razy
Malwarebytes Adware.Agent.SFP.Generic
TrendMicro-HouseCall TROJ_GEN.R002C0WL921
Rising Downloader.Razy!8.10824 (TFE:dGZlOgGepfDwvV8vgQ)
Yandex Trojan.Kryptik!ZfjqGrnDFhc
SentinelOne Static AI – Malicious PE
Fortinet W32/Kryptik.HATU!tr
AVG Win32:CrypterX-gen [Trj]
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_80% (W)
MaxSecure Trojan.Malware.300983.susgen

How to remove Tedy.60522?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Tedy.60522
2 years ago

Recent Posts

About “TrojanDownloader:Win32/Beebone.AZ” infection

The TrojanDownloader:Win32/Beebone.AZ is considered dangerous by lots of security experts. When this infection is active,…

26 mins ago

Should I remove “Renos.76”?

The Renos.76 is considered dangerous by lots of security experts. When this infection is active,…

26 mins ago

About “Zusy.473197” infection

The Zusy.473197 is considered dangerous by lots of security experts. When this infection is active,…

26 mins ago

Win32:FakeAV-BGX [Drp] (file analysis)

The Win32:FakeAV-BGX [Drp] is considered dangerous by lots of security experts. When this infection is…

32 mins ago

What is “Trojan:Win32/Clustinex!C”?

The Trojan:Win32/Clustinex!C is considered dangerous by lots of security experts. When this infection is active,…

42 mins ago

About “Magic.Virus.FileInfector.DDS” infection

The Magic.Virus.FileInfector.DDS is considered dangerous by lots of security experts. When this infection is active,…

47 mins ago