Categories: Malware

Kazy.17327 removal guide

The Kazy.17327 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Kazy.17327 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Starts servers listening on 0.0.0.0:5005
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventionial language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Installs itself for autorun at Windows startup
  • Operates on local firewall’s policies and settings
  • Creates a copy of itself
  • Harvests credentials from local FTP client softwares
  • Anomalous binary characteristics

How to determine Kazy.17327?



File Info:

name: 7F9F142500DE7166B16C.mlwpath: /opt/CAPEv2/storage/binaries/61299225e8c7141b06a92e2b2601c70e4fcad922be9ca433146186dc0bf10fdfcrc32: 4BBB78FEmd5: 7f9f142500de7166b16ccedc3879c9cesha1: 35fe7bc9e86356bc6e492beb7a0c007a68b6dcfbsha256: 61299225e8c7141b06a92e2b2601c70e4fcad922be9ca433146186dc0bf10fdfsha512: 1eb185ea52400740980825fc9e7afb4c89dbf6af2cf123bc10373fc6020a7a8b9030a03ef07635f7f1ed57511751b493f80fd5311097115fa748ef60885a4fd6ssdeep: 3072:gqGHWTPeOGtAqn5cvMybJhJXrGrm2wOx2tS6V/Kg6dj9oXwoGgOjTxT:FCHEyrBFWWx9C38TxTtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T136D3E067E646AD54C26848F9625FEF7C82938453AB2C4289DE7F0F07E8F2F113291D58sha3_384: fba5dc40773141e10098662d114d916db89b8afad104149b953676891ddee8b3dbd8703c53be126752267539a9113d55ep_bytes: 60be0090d3008dbe00806cffc78708e0timestamp: 2009-03-03 19:16:23

Version Info:

0: [No Data]

Kazy.17327 also known as:

Bkav W32.MosquitoQKB.Fam.Trojan
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Kazy.17327
FireEye Generic.mg.7f9f142500de7166
ALYac Gen:Variant.Kazy.17327
Cylance Unsafe
Zillya Trojan.Jorik.Win32.3735
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
Alibaba Backdoor:Win32/Votwup.18ae113e
K7GW Trojan ( f1000f011 )
K7AntiVirus Trojan ( f1000f011 )
VirIT Trojan.Win32.Jorik.Tierry.AH
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/Votwup.T
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Kazy.17327
NANO-Antivirus Trojan.Win32.Jorik.bywnp
Avast Win32:Kryptik-BHL [Trj]
Tencent Win32.Trojan.Falsesign.Altf
Ad-Aware Gen:Variant.Kazy.17327
Sophos Mal/Generic-R + Troj/PWS-BQS
Comodo Suspicious@#2d8c1545a42o7
F-Secure Trojan.TR/Crypt.ULPM.Gen
DrWeb BackDoor.DarkNess.25
VIPRE Packed.Win32.PWSZbot.gen (v)
TrendMicro TROJ_JORIK.FP
McAfee-GW-Edition W32/Pinkslipbot.gen.ae
Emsisoft Gen:Variant.Kazy.17327 (B)
Ikarus Trojan-PWS.Win32.Zbot
GData Gen:Variant.Kazy.17327
Jiangmin Trojan/Jorik.duc
Webroot W32.Trojan.Dropper
Avira TR/Crypt.ULPM.Gen
MAX malware (ai score=100)
Kingsoft Troj.Agent.wq.(kcloud)
Arcabit Trojan.Kazy.D43AF
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Backdoor:Win32/Votwup.B
Cynet Malicious (score: 99)
McAfee Artemis!7F9F142500DE
VBA32 Trojan.Zeus.EA.0999
Malwarebytes Malware.Heuristic.1003
TrendMicro-HouseCall TROJ_JORIK.FP
Rising Backdoor.Votwup!8.87E (CLOUD)
Yandex Trojan.GenAsa!K9QWYfIJ3gg
SentinelOne Static AI – Malicious PE
eGambit Generic.Malware
BitDefenderTheta Gen:NN.ZexaF.34212.imHfamUWOsoc
AVG Win32:Kryptik-BHL [Trj]
Cybereason malicious.500de7
Panda Generic Malware
MaxSecure Trojan.Malware.1956207.susgen

How to remove Kazy.17327?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Kazy.17327
2 years ago

Recent Posts

MSIL/GenKryptik.GXIZ information

The MSIL/GenKryptik.GXIZ is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

Malware.AI.2789448175 (file analysis)

The Malware.AI.2789448175 is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

Jalapeno.1878 removal instruction

The Jalapeno.1878 is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

What is “Trojan.Heur3.LPT.YmKfaKBcBekib”?

The Trojan.Heur3.LPT.YmKfaKBcBekib is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

How to remove “Worm.Win32.Vobfus.exmt”?

The Worm.Win32.Vobfus.exmt is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

About “TrojanDownloader:Win32/Beebone.JO” infection

The TrojanDownloader:Win32/Beebone.JO is considered dangerous by lots of security experts. When this infection is active,…

2 months ago