Categories: Trojan

Trojan-PSW.Win32.Racealer.klv removal

Trojan-PSW.Win32.Racealer.klv is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Trojan-PSW.Win32.Racealer.klv virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (5 unique times)
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to create or modify system certificates
  • Collects information to fingerprint the system

Related domains:

z.whorecord.xyz
a.tomx.xyz
telete.in
apps.identrust.com
globalsalespartscn.top

How to identify Trojan-PSW.Win32.Racealer.klv?


File Info:

  • crc32: F9333FDB
  • md5: db69473264541b849ea07dd14145e474
  • name: DB69473264541B849EA07DD14145E474.mlw
  • sha1: 23ce2f756ad28d5f9105a53fa9a0336b7b3a1812
  • sha256: 206d4558adb79d04957b1302845faa54d2778d40a117f69b7f40397425aabefe
  • sha512: bfc69a35ffdb6d1c04b1093d656bc18056077d335485904c1888673e0cf058a1de0f36592fa94ef3d04fd2bdb32df5fc59652671e79850019b3469b22b9140eb
  • ssdeep: 12288:JP3AP6xw3dTOuV1Oj/7vR8HOmZxnYEhkE5jUf1miz:JP3AP6G3kj/7v2dZdREP
  • type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

  • LegalCopyright: Oreans Technologies
  • Assembly Version: 3.1.0.0
  • InternalName: Virtualizer.exe
  • FileVersion: 3.1.0.0
  • CompanyName: Oreans Technologies
  • Comments: Code Virtualizer - Obfuscation System and Reverse Engineering
  • ProductVersion: 3.1.0.0
  • FileDescription: Code Virtualizer - Obfuscation System and Reverse Engineering
  • OriginalFilename: Virtualizer.exe
  • Translation: 0x0000 0x04b0

Trojan-PSW.Win32.Racealer.klv also known as:

Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.36225931
FireEye Generic.mg.db69473264541b84
CAT-QuickHeal Trojanpws.Racealer
ALYac Trojan.GenericKD.36225931
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Racealer.i!c
Sangfor Malware
K7AntiVirus Trojan ( 0057680d1 )
BitDefender Trojan.GenericKD.36225931
K7GW Trojan ( 0057680d1 )
CrowdStrike win/malicious_confidence_100% (W)
Cyren W32/Trojan.UNIZ-0428
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Kaspersky Trojan-PSW.Win32.Racealer.klv
Alibaba TrojanPSW:Win32/Racealer.7ac26248
ViRobot Trojan.Win32.C.Agent.889896
Rising Trojan.Injector!1.C6AF (CLASSIC)
Ad-Aware Trojan.GenericKD.36225931
Sophos Mal/Generic-S
Comodo Malware@#6d8qby9vdtxu
F-Secure Trojan.TR/Injector.bujaf
Zillya Trojan.Injector.Win32.822943
TrendMicro TROJ_GEN.R002C0WAP21
McAfee-GW-Edition RDN/Generic PWS.y
Emsisoft Trojan.GenericKD.36225931 (B)
SentinelOne Static AI – Suspicious PE
Jiangmin Trojan.PSW.Racealer.brq
Webroot W32.Malware.Gen
Avira TR/Injector.bujaf
MAX malware (ai score=99)
Microsoft Trojan:Win32/Ymacco.AA20
Arcabit Trojan.Generic.D228C38B
ZoneAlarm Trojan-PSW.Win32.Racealer.klv
GData Trojan.GenericKD.36225931
Cynet Malicious (score: 100)
Acronis suspicious
McAfee RDN/Generic PWS.y
VBA32 TrojanPSW.Racealer
Malwarebytes Spyware.PasswordStealer
Panda Trj/GdSda.A
ESET-NOD32 a variant of Win32/Injector.EOFI
TrendMicro-HouseCall TROJ_GEN.R002C0WAP21
Tencent Win32.Trojan-qqpass.Qqrob.Wstt
Ikarus Trojan.Win32.Swisyn
Fortinet W32/Racealer.KLV!tr.pws
AVG Win32:Malware-gen
Cybereason malicious.56ad28
Paloalto generic.ml
Qihoo-360 Win32/Trojan.PSW.2a3

How to remove Trojan-PSW.Win32.Racealer.klv?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
