Kazy.7012 (B) (file analysis)

Malware Removal

Kazy.7012 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What Kazy.7012 (B) virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Kazy.7012 (B)?

File Info:

name: 542F08CD64F95B6B4CDC.mlw
path: /opt/CAPEv2/storage/binaries/1e65b57802009b4a34f3fdff5770b4ea3af8b57b698c0ccbdc840ff14ec7e253
crc32: 720A319F
md5: 542f08cd64f95b6b4cdc4b4cadaf1b44
sha1: 46fc2e2ff2436cc7011d6d05c38a646b59fcf78e
sha256: 1e65b57802009b4a34f3fdff5770b4ea3af8b57b698c0ccbdc840ff14ec7e253
sha512: f02dcb8ac99e6cdc7e52f04ece0e47f3434c6dd29b3bc604546591bcbca1d5600b1fc06d6f635441ddbb30a264d906a3c2fbc959b4d0806c4695e71956501b64
ssdeep: 3072:nLYQbeYVfF0MsF9dOk3D9aPeR1f2ta0PCEU3uNRocvTHnCqLBWt/8JlcJrp63:nLYceYVd0zF9dVD9aPe/f2zKEU7KT7Ux
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13D0401896793C0D8EA5D4A7048CBDF515E9AFD311D1B62E2AE383F2FDC72248943918D
sha3_384: 834b9b1e792053d4ad85cc95f02e2cef73ea059222ff84948e884ecacb8b64a4fa57a8f7d72db0608107f516cc236a1e
ep_bytes: 60be008041008dbe0090feff57eb0b90
timestamp: 2006-12-19 10:40:24

Version Info:

Comments:
CompanyName: Avira GmbH
FileDescription: Antivirus Control Center
FileVersion: 8.00.70.08
InternalName: Control Center
LegalCopyright: Copyright © 2008 Avira GmbH. All rights reserved.
LegalTrademarks: AntiVir® is a registered trademark of Avira GmbH, Germany.
OriginalFilename: avcenter.exe
PrivateBuild:
ProductName: AntiVir Workstation
ProductVersion: 8.00.70.08
SpecialBuild:
Translation: 0x0800 0x04b0

Kazy.7012 (B) also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.542f08cd64f95b6b
CAT-QuickHeal: TrojanBNK.Zbot.mue
ALYac: Gen:Variant.Kazy.7012
Cylance: Unsafe
VIPRE: VirTool.Win32.Obfuscator.da!j (v)
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004af95c1 )
Alibaba: TrojanSpy:Win32/SpyEyes.715699e8
K7GW: Trojan ( 004af95c1 )
Cybereason: malicious.d64f95
BitDefenderTheta: Gen:NN.ZexaF.34212.lmKfaeAs9Llc
VirIT: Trojan.Win32.Cryptic.BRM
Cyren: W32/S-5f8a72a3!Eldorado
Symantec: Trojan.Spyeye
ESET-NOD32: a variant of Win32/Kryptik.BHOZ
APEX: Malicious
Kaspersky: Trojan-Spy.Win32.SpyEyes.acgr
BitDefender: Gen:Variant.Kazy.7012
NANO-Antivirus: Trojan.Win32.Qbot.ijmhv
SUPERAntiSpyware: Trojan.Agent/Gen-Morix
MicroWorld-eScan: Gen:Variant.Kazy.7012
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan-spy.Spyeyes.Stat
Ad-Aware: Gen:Variant.Kazy.7012
Emsisoft: Gen:Variant.Kazy.7012 (B)
Comodo: TrojWare.Win32.TrojanSpy.Zbot.G@2tckk5
DrWeb: Trojan.MulDrop3.63836
Zillya: Trojan.Zbot.Win32.42453
TrendMicro: TROJ_SPYEYE.SMEP
McAfee-GW-Edition: PWS-Spyeye.fb
Sophos: Mal/Generic-S + Mal/FakeAV-BW
Ikarus: Trojan.Win32.Spyeye
GData: Gen:Variant.Kazy.7012
Jiangmin: TrojanSpy.SpyEyes.orz
Avira: TR/Crypt.EPACK.Gen2
ZoneAlarm: Trojan-Spy.Win32.SpyEyes.acgr
Microsoft: PWS:Win32/Zbot!rfn
AhnLab-V3: Spyware/Win32.Zbot.R2551
McAfee: Artemis!542F08CD64F9
MAX: malware (ai score=100)
VBA32: Trojan.Zeus.EA.0999
TrendMicro-HouseCall: TROJ_SPYEYE.SMEP
Rising: Spyware.SpyEyes!8.4AA (CLOUD)
Yandex: Trojan.Kryptik!pr2yhL0x1V8
SentinelOne: Static AI – Malicious PE
eGambit: Generic.Malware
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (D)
MaxSecure: Trojan.Malware.6215348.susgen

How to remove Kazy.7012 (B)?

Kazy.7012 (B) removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.