Trojan

About “Trojan-Downloader.Win32.Razy.bgak” infection

Malware Removal

The Trojan-Downloader.Win32.Razy.bgak is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to perform a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Downloader.Win32.Razy.bgak virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Scheduled file move on reboot detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Sniffs keystrokes
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Steals private information from local Internet browsers
  • Exhibits possible ransomware file modification behavior
  • Likely virus infection of existing system binary

How to identify Trojan-Downloader.Win32.Razy.bgak?

File Info:

name: FBAB4CC96A87044D9FE9.mlw
path: /opt/CAPEv2/storage/binaries/0fceb7e93d6f576d0f8ba29541308f19c49ea94d6dc012c2ba670402336ce2f6
crc32: B9395E42
md5: fbab4cc96a87044d9fe9f482ff1b0073
sha1: 9785f9b7cbab61c7e855e4e34056847dfe847ae2
sha256: 0fceb7e93d6f576d0f8ba29541308f19c49ea94d6dc012c2ba670402336ce2f6
sha512: 103745483f94368c5b90ee4e97a647e9cbfbf5c4075302527220f92c1a5343d0fc4abe61cdbbc62e7d202c8c3c52a8b47cd54ba7a339632c8bd2ac79723bb3ee
ssdeep: 98304:fpKcCCT1EJhTf0hfUw34oZu/9qIApJCpu1T/Dxil0Sjth+5WlFlx:AcCCT1EJtfqcoZulqFpgA9NSjzgiFv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T111162303A604F63ACC30DAF3941A414667376C79DB89A5173188B23F2EF2567D63E64E
sha3_384: 176c234ba994393458bfb54863f4c907d98de55c1d8e8aaaf7a0e47c1f6c6246f3cac73942d90007f0dc2ab1499e5b99
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: ManiacTools.com
FileDescription: AudioConverter Studio Setup
FileVersion:
ProductName: AudioConverter Studio
ProductVersion:
LegalCopyright:
Translation: 0x0000 0x04b0

Trojan-Downloader.Win32.Razy.bgak is also known as (vendor: detection name):

  • Lionic: Trojan.Win32.Generic.4!c
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.PWS.Stealer.29369
  • MicroWorld-eScan: Trojan.GenericKD.38096938
  • FireEye: Trojan.GenericKD.38096938
  • ALYac: Trojan.GenericKD.38096938
  • Zillya: Downloader.Razy.Win32.1534
  • K7AntiVirus: Riskware ( 0040eff71 )
  • Alibaba: TrojanDownloader:Win32/CrthRazy.6f05a2ca
  • K7GW: Riskware ( 0040eff71 )
  • Symantec: Trojan.Gen.MBT
  • ESET-NOD32: Win32/CrthRazy.R
  • APEX: Malicious
  • Paloalto: generic.ml
  • Kaspersky: Trojan-Downloader.Win32.Razy.bgak
  • BitDefender: Trojan.GenericKD.38096938
  • Avast: Win32:AdwareX-gen [Adw]
  • Tencent: Trojan.Win32.BitCoinMiner.la
  • Ad-Aware: Trojan.GenericKD.38096938
  • Emsisoft: Trojan.GenericKD.38096938 (B)
  • TrendMicro: TROJ_GEN.R002C0WKP21
  • McAfee-GW-Edition: BehavesLike.Win32.AdwareFileTour.rc
  • Sophos: Mal/Generic-R
  • Ikarus: Trojan.PSW.Stealer
  • GData: Win32.Trojan.Kryptik.8UH44O
  • Jiangmin: TrojanDownloader.Razy.dus
  • Avira: HEUR/AGEN.1136910
  • Arcabit: Trojan.Generic.D245502A
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • AhnLab-V3: PUP/Win32.DownloadAssistant.R346385
  • McAfee: Artemis!FBAB4CC96A87
  • MAX: malware (ai score=86)
  • Malwarebytes: Trojan.CrthRazy
  • TrendMicro-HouseCall: TROJ_GEN.R002C0WKP21
  • Yandex: Trojan.DL.Razy!7FGfGKsamiI
  • Fortinet: W32/Zurgop.DJ!tr.dldr
  • AVG: Win32:AdwareX-gen [Adw]

How to remove Trojan-Downloader.Win32.Razy.bgak?

Trojan-Downloader.Win32.Razy.bgak removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.