Trojan:Win32/Razy.BM!MSR malicious file

Trojan:Win32/Razy.BM!MSR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What Trojan:Win32/Razy.BM!MSR virus can do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Starts servers listening on 127.0.0.1:32767 and 127.0.0.1:32768
  • Repeatedly searches for a process that is not found; the sample may expect to run with the startbrowser=1 option
  • Reads data out of its own binary image
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Queries information on disks, possibly for anti-virtualization
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself

Related domains:

mydynamite.dynv6.net
edgedl.gvt1.com
update.googleapis.com
redirector.gvt1.com
r6---sn-4g5ednek.gvt1.com

How to identify Trojan:Win32/Razy.BM!MSR?

File Info:

crc32: 1B26606E
md5: dc4f0eb2ebcb9f080e671472be7c140d
name: DC4F0EB2EBCB9F080E671472BE7C140D.mlw
sha1: 9d53f7a5ac48260c6b7affb11c098eb660d9bf9d
sha256: bade0f195e312161612d9abe98eaa682bec5fc2b56d11d31517a63c9d7ea6284
sha512: f324526c778d20a1e88b21157c36204b2553021b831cec2e17ef8af6365396a1b350143ae8a39a1ccb4398c313b6fbd454a326ab12f0505f97ff9c75fff4374e
ssdeep: 24576:2GWYdbJCrFbyUXxvmFJuQPVmQ+13sYC5IyKCleed4FHXq1o3C7earRwEyvbfER:354Q+13sY8IyKh22HXcuC7frOLfER
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Trojan:Win32/Razy.BM!MSR also known as:

MicroWorld-eScan: Gen:Variant.Razy.837266
CAT-QuickHeal: Trojan.Multi
McAfee: RDN/Generic.dx
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005775fb1 )
BitDefender: Gen:Variant.Razy.837266
K7GW: Trojan ( 005775fb1 )
Cybereason: malicious.2ebcb9
Cyren: W32/Trojan.SDLN-5666
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:RATX-gen [Trj]
Kaspersky: HEUR:Backdoor.Win32.Konus.gen
Alibaba: Backdoor:Win32/GenKryptik.511d2d6a
NANO-Antivirus: Trojan.Win32.Konus.ilkfzx
ViRobot: Trojan.Win32.Z.Razy.945152.P
Rising: Trojan.GenKryptik!8.AA55 (TFE:5:qWCn6ejxytB)
Ad-Aware: Gen:Variant.Razy.837266
Emsisoft: Gen:Variant.Razy.837266 (B)
Comodo: Malware@#3oekpw88c91pi
F-Secure: Trojan.TR/Kryptik.uigpt
DrWeb: Trojan.PWS.Banker1.36651
Zillya: Trojan.GenKryptik.Win32.73322
TrendMicro: TrojanSpy.Win32.ARTEMIS.USMANB521
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
FireEye: Generic.mg.dc4f0eb2ebcb9f08
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Krypt
Avira: TR/Kryptik.uigpt
MAX: malware (ai score=82)
Antiy-AVL: Trojan[Backdoor]/Win32.Konus
Microsoft: Trojan:Win32/Razy.BM!MSR
Gridinsoft: Trojan.Win32.Kryptik.oa
Arcabit: Trojan.Razy.DCC692
ZoneAlarm: HEUR:Backdoor.Win32.Konus.gen
GData: Gen:Variant.Razy.837266
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Gen.Reputation.C4323906
VBA32: BScope.Trojan.Wacatac
ALYac: Trojan.Agent.Kronos
Malwarebytes: Spyware.PasswordStealer
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/GenKryptik.FAYR
TrendMicro-HouseCall: TrojanSpy.Win32.ARTEMIS.USMANB521
Yandex: Trojan.GenKryptik!YJQo7ix8zQY
SentinelOne: Static AI – Suspicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/GenKryptik.FAYR!tr
BitDefenderTheta: Gen:NN.ZexaF.34804.5yW@aa3xdxmi
AVG: Win32:RATX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.Kryptik.HxQBGwsA

How to remove Trojan:Win32/Razy.BM!MSR?

Trojan:Win32/Razy.BM!MSR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.