About “Trojan-PSW.Win32.Racealer.mrp” infection

Trojan-PSW.Win32.Racealer.mrp is Kaspersky's detection name for a sample that the sandbox report below attributes to the Raccoon credential-stealer family (PSW is Kaspersky's prefix for password stealers). When this infection is active you may notice unfamiliar processes in the Task Manager list. In this case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you complete a scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Trojan-PSW.Win32.Racealer.mrp do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • CAPE detected the Raccoon malware family
  • Checks the BIOS version, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
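Several of the static indicators in the list above (an unknown PE section name, encrypted or compressed section data, and the compile timestamp shown under File Info further down) can be reproduced from the PE headers alone. The script below is an added example, not code from the original page or from CAPE: it uses only the Python standard library, the PE image it parses is a constructed stand-in rather than the page's sample, and the KNOWN_SECTIONS set, the 7.0 bits-per-byte entropy threshold and the function names are the example's own assumptions.

```python
"""Static triage for packing indicators (added example, not from the page or
from CAPE). Parses the PE section table and COFF timestamp with the standard
library only; the image it parses is a constructed stand-in, not the sample."""
import math
import random
import struct
from datetime import datetime, timezone

# Names mainstream compilers/linkers emit (assumed list); anything else deserves
# a look, since packers such as ASProtect use their own section names.
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".pdata",
                  ".rsrc", ".reloc", ".bss", ".tls", ".CRT"}
HIGH_ENTROPY = 7.0  # bits per byte (assumed cut-off); encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsections):
        raw_name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        name = raw_name.rstrip(b"\0").decode("latin-1")
        body = image[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(body), 2)})
    return {"machine": machine,
            "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc),
            "sections": sections}


def packing_indicators(info: dict) -> list:
    """Translate the parsed headers into findings like the sandbox's."""
    findings = []
    for s in info["sections"]:
        if s["name"] not in KNOWN_SECTIONS:
            findings.append(f"unknown PE section name {s['name']!r} (possible packer)")
        if s["entropy"] >= HIGH_ENTROPY:
            findings.append(f"section {s['name']!r} entropy {s['entropy']} (encrypted/compressed data)")
    return findings


def build_stand_in_image() -> bytes:
    """Constructed minimal PE32 (assumption, not the page's sample): a plain
    .text section plus a packer-style section of pseudo-random bytes."""
    text = b"\x55\x8b\xec" * 64 + b"\xc3"                    # low entropy
    rng = random.Random(1)                                     # reproducible
    packed = bytes(rng.randrange(256) for _ in range(4096))    # high entropy
    e_lfanew, opt_size, nsect = 0x40, 224, 2
    hdr_len = e_lfanew + 4 + 20 + opt_size + 40 * nsect
    stamp = int(datetime(2021, 11, 7, 12, 29, 14, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, nsect, stamp, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)    # PE32 magic

    def section(name, data, ptr, va):
        return struct.pack("<8sIIII", name, len(data), va, len(data), ptr) + b"\0" * 16

    headers = (dos + b"PE\0\0" + coff + opt
               + section(b".text", text, hdr_len, 0x1000)
               + section(b".adata", packed, hdr_len + len(text), 0x2000))
    assert len(headers) == hdr_len
    return headers + text + packed


if __name__ == "__main__":
    info = parse_pe(build_stand_in_image())
    print("compiled:", info["timestamp"].strftime("%Y-%m-%d %H:%M:%S"))
    for line in packing_indicators(info):
        print("-", line)
```

To run it against a real file, pass `open(path, "rb").read()` to `parse_pe` instead of the stand-in image. A packer by itself is not proof of malice: legitimate software ships packed with ASProtect too, which is why several vendors below label this sample by the packer rather than by the family, so weigh these static findings together with the dynamic ones (anti-VM checks, the Raccoon family match) before deciding.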

How to identify Trojan-PSW.Win32.Racealer.mrp?

File Info:

name: 294834FC53AE2B941D74.mlw
path: /opt/CAPEv2/storage/binaries/a9beda964b8371b181392b0f086a0bb5cee0fc2cedf0bba5753882331d855336
crc32: 55249DD7
md5: 294834fc53ae2b941d748a1a5dd4b97a
sha1: 630b4711ad0e7db299eb30662be5f53bf15c98b9
sha256: a9beda964b8371b181392b0f086a0bb5cee0fc2cedf0bba5753882331d855336
sha512: 1bf995115236fc572cb3e338c3403a0bc26526002e5394bbf6dd64a3c3b2a0e09e393f5f95d441245005d8a5b0ddce886f49311d94b868326ce0d49e9ba9ca24
ssdeep: 24576:f1tqNFaeWrr5Hk7MsPixvPrzjjNzOhko9XiphkqkEaHNYK3wlY9IpkRM:fqNFvUSv+7jNzOmtNaQOe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1786533DB53C43C38E3CC08B00D26C7A26F7A69704EF4B6726A569106DFE5F8276191A7
sha3_384: a4305816deb06ce79c8d52034a04cbfeb142b51b669fdafe9ea83211685f20cff1a4c388f2c8faa41c6dc280dbd4db96
ep_bytes: 6801d06b00e801000000c3c39faa6ed2
timestamp: 2021-11-07 12:29:14
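The digests listed above are the quickest way to confirm that a file on disk is this exact sample. As an added example (not code from the original page), the script below copies the page's MD5, SHA-1, SHA-256 and SHA-512 values and checks files against them using only the standard library; the function names and the directory-scan entry point are the example's own.

```python
"""Hash-based IOC matching (added example, not from the original page).
Digest values are copied from the File Info section; everything else,
including the function names, is this example's own choice."""
import hashlib
import sys
from pathlib import Path

# Indicators copied from the page, lowercase hex.
RACEALER_MRP_IOCS = {
    "md5": "294834fc53ae2b941d748a1a5dd4b97a",
    "sha1": "630b4711ad0e7db299eb30662be5f53bf15c98b9",
    "sha256": "a9beda964b8371b181392b0f086a0bb5cee0fc2cedf0bba5753882331d855336",
    "sha512": ("1bf995115236fc572cb3e338c3403a0bc26526002e5394bbf6dd64a3c3b2a0e0"
               "9e393f5f95d441245005d8a5b0ddce886f49311d94b868326ce0d49e9ba9ca24"),
}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the IOC set uses."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in RACEALER_MRP_IOCS}


def hash_file(path, chunk: int = 1 << 20) -> dict:
    """Digest a file in chunks so large files do not have to fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in RACEALER_MRP_IOCS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = RACEALER_MRP_IOCS) -> list:
    """Return the algorithms whose digest matches; one hit is a positive."""
    return [alg for alg, value in iocs.items()
            if digests.get(alg, "").lower() == value]


def scan_directory(root) -> list:
    """Walk a directory tree and report files matching any IOC digest."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            matched = match_iocs(hash_file(path))
            if matched:
                hits.append((str(path), matched))
    return hits


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algs in scan_directory(target):
        print(f"MATCH {path} ({', '.join(algs)})")
```

Exact-hash matching only catches this one build: a single changed byte (a re-pack, an appended blob) defeats it, which is why the page also lists ssdeep and TLSH values. Those fuzzy hashes need the ssdeep and py-tlsh libraries and are left out of this standard-library example.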

Version Info:

Comments: vrRMAoK
CompanyName: d2HX27J
FileDescription: XXgE0Vp
FileVersion: 2,3,0,0
InternalName: 9YgTo1t
LegalCopyright: oCG04Nf
OriginalFilename: bPU3njM
ProductName: QYxicoR
ProductVersion: 2,3,0,0
Assembly Version: 2,3,0,0
Translation: 0x0000 0x04b0

Trojan-PSW.Win32.Racealer.mrp also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Racealer.i!c
MicroWorld-eScan: Trojan.GenericKD.38136178
FireEye: Generic.mg.294834fc53ae2b94
CAT-QuickHeal: Trojanpws.Racealer
ALYac: Trojan.GenericKD.38136178
Cylance: Unsafe
Zillya: Trojan.Asprotect.Win32.32
Sangfor: Trojan.Win32.Asprotect.KG
K7AntiVirus: Trojan ( 0058adc31 )
Alibaba: TrojanPSW:Win32/Racealer.bdc987d9
K7GW: Trojan ( 0058adc31 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34084.wP2aay0GuMf
Cyren: W32/Stealer.S.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Asprotect.KG
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-PSW.Win32.Racealer.mrp
BitDefender: Trojan.GenericKD.38136178
NANO-Antivirus: Trojan.Win32.Stealer.jikoww
Avast: Win32:PWSX-gen [Trj]
Tencent: Win32.Trojan-qqpass.Qqrob.Hqvo
Ad-Aware: Trojan.GenericKD.38136178
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/AD.StellarStealer.gwosn
DrWeb: Trojan.PWS.Stealer.31482
TrendMicro: TROJ_FRS.0NA103KU21
McAfee-GW-Edition: GenericRXQY-ZT!294834FC53AE
Emsisoft: Trojan.GenericKD.38136178 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan.PSW.Racealer.dnh
Webroot: W32.Trojan.FL
Avira: TR/AD.StellarStealer.gwosn
Antiy-AVL: Trojan[Packed]/Win32.Asprotect
Kingsoft: Win32.PSWTroj.Undef.(kcloud)
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Gridinsoft: Trojan.Heur!.01216031
Arcabit: Trojan.Generic.D245E972
ViRobot: Trojan.Win32.Z.Sabsik.1410440
GData: Trojan.GenericKD.38136178
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Racealer.R453845
McAfee: GenericRXQY-ZT!294834FC53AE
MAX: malware (ai score=86)
VBA32: BScope.Trojan.Downloader
Malwarebytes: Trojan.MalPack
TrendMicro-HouseCall: TROJ_FRS.0NA103KU21
Yandex: Trojan.PWS.Racealer!1OEeQBVVsDI
Ikarus: Trojan.Win32.ASProtect
MaxSecure: Trojan.Malware.133193389.susgen
Fortinet: W32/PossibleThreat
AVG: Win32:PWSX-gen [Trj]
Panda: Trj/CI.A

How to remove Trojan-PSW.Win32.Racealer.mrp?

Trojan-PSW.Win32.Racealer.mrp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
