Kazy.5977 (file analysis)

Malware Removal

Kazy.5977 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Kazy.5977 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Azeri
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Accessed credential storage registry keys
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify Kazy.5977?

File Info:

name: 8C73D233AB2A9D0329B9.mlw
path: /opt/CAPEv2/storage/binaries/324ef0dfaca0d9535f32bf0ffca02ca2b005d2a715dc76f0c6bd504ee5330e15
crc32: 47614000
md5: 8c73d233ab2a9d0329b97e15aeb3ae0b
sha1: 65bd8a584e67f6fb00d0d4a9d46280bd705ebfe7
sha256: 324ef0dfaca0d9535f32bf0ffca02ca2b005d2a715dc76f0c6bd504ee5330e15
sha512: 73837a7d149d00262bbaf778c7c78971d6d3dee73b473291b5a765b52b49556c218d31ab31aeb7254e45ede34ad2e0a04024011632a812261966ab065df83e96
ssdeep: 3072:X7PRQIeVLvawyhG+q1VZKnSm4nDR8q18PrcpTw+VCwG:X7deV7awR1zES3RerckF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E1D30201FBD24F9BC4725EB898678E29272F7C1FA5E1634F0B4C792B1E3F6450984961
sha3_384: 8b6c26e08c6614bb743c09d7513e10426e7f945d05e2fcb84c7883dd079b4a6483ad500bf20e1135ff487d2fa26f3b24
ep_bytes: f7d1eb0a81e8814abd36f7d8f7de8bff
timestamp: 2011-01-06 23:52:20

Version Info:

CompanyName: Adobe Systems Incorporated
FileDescription: Adobe Photoshop Elements 7.0
FileVersion: 7.0.1.0
InternalName: Adobe Photoshop Elements
LegalCopyright: Copyright 2008 Adobe Systems Inc.
OriginalFilename: Photoshop Elements 7.0.exe
ProductName: Adobe Photoshop Elements
ProductVersion: 7.0
Translation: 0x0000 0x04e4

Kazy.5977 is also known as (vendor: detection name):

Lionic: Trojan.Win32.Zbot.lkz7
Elastic: malicious (high confidence)
DrWeb: BackDoor.Qbot.72
MicroWorld-eScan: Gen:Variant.Kazy.5977
FireEye: Generic.mg.8c73d233ab2a9d03
ALYac: Gen:Variant.Kazy.5977
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.29488
Sangfor: Spyware.Win32.Zbot.YW
Alibaba: TrojanSpy:Win32/Inject.dbf8f1ee
Cybereason: malicious.3ab2a9
BitDefenderTheta: AI:Packer.B1DCD2291F
VirIT: Trojan.Win32.Shiru.AY
Cyren: W32/Kazy.BJ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Spy.Zbot.YW
TrendMicro-HouseCall: TSPY_INJECTOR_CD102D20.RDXN
Paloalto: generic.ml
ClamAV: Win.Trojan.Zbot-21103
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Kazy.5977
NANO-Antivirus: Trojan.Win32.Zbot.eoaug
Avast: Win32:Konar-B [Trj]
Tencent: Malware.Win32.Gencirc.114b5c71
Ad-Aware: Gen:Variant.Kazy.5977
Emsisoft: Gen:Variant.Kazy.5977 (B)
Comodo: Malware@#kj064if05ih4
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TSPY_INJECTOR_CD102D20.RDXN
McAfee-GW-Edition: PWSZbot-FJV!8C73D233AB2A
Sophos: Mal/Generic-S
Ikarus: Trojan-Spy.Win32.Zbot
GData: Gen:Variant.Kazy.5977
Jiangmin: TrojanSpy.Zbot.atym
Webroot: Trojan.Dropper
Avira: TR/VB.Inject.ajax
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Win32.Unknown
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Kazy.D1759
Microsoft: VirTool:Win32/VBInject.RT
Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win32.Zbot.R2562
McAfee: PWSZbot-FJV!8C73D233AB2A
TACHYON: Trojan-Spy/W32.ZBot.138752.AE
VBA32: Malware-Cryptor.General.3
Malwarebytes: Generic.Malware/Suspicious
APEX: Malicious
Rising: Spyware.Zbot!8.16B (CLOUD)
Yandex: TrojanSpy.Zbot!rvHdMX+KCvw
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.2505846.susgen
Fortinet: W32/Kryptik.HTQ!tr
AVG: Win32:Konar-B [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Kazy.5977?

Kazy.5977 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.