About “Trojan:Win32/Racealer.PAA!MTB” infection

Trojan:Win32/Racealer.PAA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Racealer.PAA!MTB virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • Executed a process and injected code into it, probably while unpacking
  • Creates a copy of itself

How to identify Trojan:Win32/Racealer.PAA!MTB?

File Info:

crc32: 477F940A
md5: 08b419d04b2355a87d36c1e9cd6709a9
name: 08B419D04B2355A87D36C1E9CD6709A9.mlw
sha1: 70a3acbc59e94433d51ac89f7b714bddde6e4b54
sha256: c7e6c31cbe36b1c92d7be9f7b1928c2d9e444abc84aa78241fd800784edd4c71
sha512: f33a68860df8e9a19f802ce893b90207815e1e1b97e93c743535ce2603fcc22fbd7e331f931b02c88383befd63d041b284ef86db541baaac2d2717883d92fd71
ssdeep: 24576:nA3ksnsvgxBapAz4jVuEqb3pkDxv7dONf:Gq1pBuhwv
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: gdfg
InternalName: dfgd
FileVersion: dfgdf
PrivateBuild: df gdfdfg
LegalTrademarks: dfggd
ProductName: dfg dfgdfg
ProductVersion: 1, 0, 0, 1
FileDescription: 23 42
OriginalFilename: gdfdfg
Translation: 0x0419 0x04b0

Trojan:Win32/Racealer.PAA!MTB is also known by the following vendor detection names:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.36325067
FireEye: Generic.mg.08b419d04b2355a8
Qihoo-360: Win32/Trojan.Generic.HwgAMboA
ALYac: Trojan.GenericKD.36325067
Cylance: Unsafe
Sangfor: Trojan.Win32.FTJU.me
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/Mansabo.c12249fa
K7GW: Riskware ( 0040eff71 )
BitDefenderTheta: Gen:NN.ZexaF.34804.1y3@aWJDVwhc
Cyren: W32/Trojan.MUOD-0977
Symantec: Trojan.Gen.2
TrendMicro-HouseCall: TROJ_FRS.0NA103BC21
Avast: Win32:MalwareX-gen [Trj]
Kaspersky: Trojan.Win32.Mansabo.gpz
BitDefender: Trojan.GenericKD.36325067
Paloalto: generic.ml
AegisLab: Trojan.Win32.Mansabo.4!c
Tencent: Win32.Trojan.Falsesign.Hfg
Ad-Aware: Trojan.GenericKD.36325067
Emsisoft: Trojan.Agent (A)
Comodo: Malware@#xuij014fzqgv
F-Secure: Trojan.TR/AD.TrickBot.pdtoj
DrWeb: Trojan.KillProc2.15084
TrendMicro: TROJ_FRS.0NA103BC21
McAfee-GW-Edition: Trojan-FTJU!08B419D04B23
SentinelOne: Static AI – Malicious PE
Sophos: Mal/Generic-S
APEX: Malicious
Jiangmin: Trojan.Mansabo.cbo
Webroot: W32.Malware.Gen
Avira: TR/AD.TrickBot.pdtoj
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Win32.Mansabo
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Trojan.Win32.Agent.oa
Microsoft: Trojan:Win32/Racealer.PAA!MTB
ZoneAlarm: Trojan.Win32.Mansabo.gpz
GData: Win32.Trojan.PSE.L1FB7T
Cynet: Malicious (score: 85)
AhnLab-V3: Trojan/Win32.Fuerboos.R365915
McAfee: Trojan-FTJU!08B419D04B23
VBA32: BScope.TrojanPSW.Racealer
Malwarebytes: Spyware.FickerStealer
ESET-NOD32: a variant of Win32/Kryptik.HJJW
Rising: Backdoor.Mokes!1.CECE (CLASSIC)
Ikarus: Trojan.Win32.Krypt
eGambit: PE.Heur.InvalidSig
Fortinet: W32/GenKryptik.FBLC!tr
AVG: Win32:MalwareX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Racealer.PAA!MTB?

Trojan:Win32/Racealer.PAA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.