What is “Trojan-PSW.Win32.Racealer.njs”?

The Trojan-PSW.Win32.Racealer.njs is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Trojan-PSW.Win32.Racealer.njs virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Checks for the presence of known windows from debuggers and forensic tools
  • Checks the BIOS version, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key

How to identify Trojan-PSW.Win32.Racealer.njs?

File Info:

name: EAF32978954ABAFB6F92.mlw
path: /opt/CAPEv2/storage/binaries/b000207baef8b133af9d95834b6125e573877bdc4dbc73cde0317d05e61983e2
crc32: 8A99D428
md5: eaf32978954abafb6f928980f7bf21c0
sha1: 0d4f9df330c2c492118badb4991d08243f51798b
sha256: b000207baef8b133af9d95834b6125e573877bdc4dbc73cde0317d05e61983e2
sha512: 6546ee11a5c4dbcd360defb10f54e4c96d55b7840577cb3bdce7e7b9d536efa066d2fbed21fe3c9ecd6e3d0470f73a6fe7f5fc35eb7ed881e9532b4762f64a73
ssdeep: 196608:E5hPJmKHBLZfQfugwWwGZj+TUsVE3LPJ2AW/cY:EpJbpZIWgDw2j+grjW/c
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T100562313639EC3B4E7725173BA1573116EBF786606E1F4AB1FD80D3CAE2006152E96A3
sha3_384: b1f1b1ef85c04bba23ea4db5364c80b01d75e3281ea8335075eb4e518a1d173a8a4876d9311c18a4c84e85bb6d647613
ep_bytes: e86ace0000e97ffeffffcccc57568b74
timestamp: 2021-10-21 18:29:15

Version Info:

Comments:
CompanyName: www.startisback.com
FileDescription: StartAllBack v3.0.0
FileVersion: 3.0.0.0
LegalCopyright: © www.startisback.com
ProductName: StartAllBack v3.0.0
Translation: 0x0409 0x04b0

Trojan-PSW.Win32.Racealer.njs also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: AIT:Trojan.Nymeria.3948
FireEye: Generic.mg.eaf32978954abafb
CAT-QuickHeal: Trojan.GenericRI.S25216062
McAfee: Artemis!EAF32978954A
Cylance: Unsafe
K7AntiVirus: Trojan ( 0056a6f61 )
Alibaba: Packed:Win32/Themida.7666dc4b
K7GW: Trojan ( 0056a6f61 )
CrowdStrike: win/malicious_confidence_60% (D)
BitDefenderTheta: Gen:NN.ZexaE.34182.4H0@a4AsE1ii
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Packed.Themida.HNN
TrendMicro-HouseCall: TROJ_GEN.R002C0PB422
Paloalto: generic.ml
Kaspersky: Trojan-PSW.Win32.Racealer.njs
BitDefender: AIT:Trojan.Nymeria.3948
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:PWSX-gen [Trj]
Emsisoft: AIT:Trojan.Nymeria.3948 (B)
TrendMicro: TROJ_GEN.R002C0PB422
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.vc
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Themida
Avira: HEUR/AGEN.1207785
Antiy-AVL: Trojan/Generic.ASMalwS.3520F45
Microsoft: Trojan:Win32/Wacatac.B!ml
ViRobot: Trojan.Win32.Z.Themida.6406656
ZoneAlarm: Trojan-PSW.Win32.Racealer.njs
GData: Gen:Variant.Razy.639372 (2x)
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Generic.R442653
ALYac: Gen:Variant.Razy.639372
MAX: malware (ai score=85)
APEX: Malicious
Rising: Malware.Strealer!8.1EF (CLOUD)
eGambit: Unsafe.AI_Score_81%
Fortinet: W32/Trojan_AutoIt.AR!tr
AVG: Win32:PWSX-gen [Trj]
Cybereason: malicious.8954ab
MaxSecure: Trojan.Malware.300983.susgen

How to remove Trojan-PSW.Win32.Racealer.njs?

Trojan-PSW.Win32.Racealer.njs removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.