Kazy.47475 removal guide

Malware Removal

Kazy.47475 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Kazy.47475 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VMware through the presence of a file
  • Anomalous binary characteristics

How to identify Kazy.47475?

File Info:

name: 9847E4DADE719AE1E5F2.mlw
path: /opt/CAPEv2/storage/binaries/1789d9c2890e7fe762fa716b23408c15ab186bdb9e69c43f7c282fdee48cdd27
crc32: 0E2BE11A
md5: 9847e4dade719ae1e5f2049088e181b9
sha1: 164bf75d5ddf3eaeea2df91c639cc1b5aa272938
sha256: 1789d9c2890e7fe762fa716b23408c15ab186bdb9e69c43f7c282fdee48cdd27
sha512: 038d0a230cb83e9bc5b925dfc22837628b039e9505335c539d33c8afaf6dbab4eef643981c78b6af07f0243e59c60c491ec21f915a9305f54a87859c0d633d03
ssdeep: 768:tCMZYx20eGmIFvUYz7REFqugotkrF2fypX5Y6Px5rUgz3ks1hH0/b/fu:RZYx20muUkKF1ZtkrFTY6Px91hkbXu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18FA3BF22F06C0733C6A7D7343871A7269476D46DBA168A015A60B1A7B5FB3F4CF06D8C
sha3_384: 95f13ab8d0c5fcd95db8047f0e797478b4c190465fd3129529d0023f3c42ef4632d5f57f000b32261602e57c30be1c97
ep_bytes: f745e8080000000f840a00000013c633
timestamp: 2004-10-25 13:22:10

Version Info:

CompanyName: уВТЗеЪщКчцкВрУШЬНЬЙццЦмШНЖ
FileDescription: ФЦШЪЪРЙхнЧЖюАчЦдрЫюфджИ
FileVersion: 60.3.11.28
InternalName: щТЙюЗщФфЕгсымМЪЧЦНЕГКэ
LegalCopyright: тяДЯШррОАБПйЩЯЙиКЦВвшцГь
OriginalFilename: ЧжЯзЮМЫЕбоычХДьжнЗфврДНЖюь
ProductName: ЭВДЗфйрЦЩюЩьЬМКтЖХицИШЧ
ProductVersion: 60.3.11.28
Translation: 0x0008 0x0000

Kazy.47475 is also known by the following detection names (listed by antivirus vendor):

Bkav: W32.AIDetect.malware1
Lionic: Hacktool.Win32.Krap.x!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Kazy.47475
FireEye: Generic.mg.9847e4dade719ae1
ALYac: Gen:Variant.Kazy.47475
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.1215075
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004bcce41 )
Alibaba: TrojanDownloader:Win32/Carberp.82d77d03
K7GW: Trojan ( 004bcce41 )
Cybereason: malicious.ade719
VirIT: Trojan.Win32.Packed.BECL
Cyren: W32/Zbot.AK.gen!Eldorado
Symantec: Trojan.Gen.MBT
APEX: Malicious
Kaspersky: Packed.Win32.Krap.hm
BitDefender: Gen:Variant.Kazy.47475
NANO-Antivirus: Trojan.Win32.Krap.gkpen
Avast: Win32:dUmPeX [Susp]
Tencent: Win32.Packed.Krap.Htbz
Ad-Aware: Gen:Variant.Kazy.47475
Emsisoft: Gen:Variant.Kazy.47475 (B)
Comodo: Packed.Win32.MUPX.Gen@24tbus
DrWeb: Trojan.Packed.20343
TrendMicro: WORM_QAKBOT.SMB
McAfee-GW-Edition: BehavesLike.Win32.Generic.nz
Sophos: Mal/Generic-S
Ikarus: Trojan.Zlob
GData: Gen:Variant.Kazy.47475
Jiangmin: Backdoor/Bredolab.clc
Webroot: W32.Malware.Gen
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.10906B1
Arcabit: Trojan.Kazy.DB973
Microsoft: TrojanDownloader:Win32/Bredolab.AA
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: Artemis!9847E4DADE71
VBA32: Malware-Cryptor.Limpopo
TrendMicro-HouseCall: WORM_QAKBOT.SMB
Rising: Downloader.Carberp!8.2EB (CLOUD)
Yandex: Trojan.Kryptik!In/tel49Kvg
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.1382627.susgen
Fortinet: W32/Krap.HM!tr
BitDefenderTheta: Gen:NN.ZexaF.34212.gm0@amQXB!ic
AVG: Win32:dUmPeX [Susp]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Kazy.47475?

Kazy.47475 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.