Razy.253697 (file analysis)

Malware Removal

Razy.253697 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Razy.253697 virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Exhibits behavior characteristic of iSpy Keylogger
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

Related domains:

trump82.ddns.net

How to determine Razy.253697?

File Info:

crc32: 7FAA7A64
md5: e796116223c87de4dcb2601bb25cc03c
name: E796116223C87DE4DCB2601BB25CC03C.mlw
sha1: ef6901ad0c0891d533d146f610ced4a0c3103917
sha256: a51372fa83fba34c91cb526d0caa06357cd2edcb1a75ec67c7c93b7b938293db
sha512: c16eb59cf848f14dcd35ae9f71ab4a452e2578756006c8fc13444393dcde0127fb828108f9e5f9f75e47449aba45b816e6f9f6f5f340f4e154a29e0ea8517869
ssdeep: 12288:JDiR6thIgX8LyFgJI0kWEMX+gT/hxqpkC1WJ2TffW3XU:8AtugM+CJIVAX+axqjfO3X
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © Microsoft Corporation 2021
Assembly Version: 12.5.2.3
InternalName: Windows Firewall.exe
FileVersion: 12.5.2.3
CompanyName: Copyright © Microsoft Corporation 2021
LegalTrademarks: Windows Firewall
ProductName: Windows Firewall
ProductVersion: 12.5.2.3
FileDescription: Windows Firewall
OriginalFilename: Windows Firewall.exe

Razy.253697 also known as (vendor: detection name):

Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Razy.253697
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_80% (D)
Cybereason: malicious.223c87
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.GZW
APEX: Malicious
Avast: Win32:RATX-gen [Trj]
Kaspersky: HEUR:Backdoor.MSIL.Bladabindi.gen
BitDefender: Gen:Variant.Razy.253697
MicroWorld-eScan: Gen:Variant.Razy.253697
Ad-Aware: Gen:Variant.Razy.253697
Sophos: Generic ML PUA (PUA)
BitDefenderTheta: Gen:NN.ZemsilF.34088.Gm0@ay5xyIm
FireEye: Generic.mg.e796116223c87de4
Emsisoft: Gen:Variant.Razy.253697 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1101907
eGambit: Unsafe.AI_Score_99%
Microsoft: Backdoor:Win32/Bladabindi!ml
Gridinsoft: Trojan.Win32.Kryptik.sd!ni
ZoneAlarm: HEUR:Backdoor.MSIL.Bladabindi.gen
GData: Gen:Variant.Razy.253697
AhnLab-V3: Trojan/Win32.Korat.C2407299
McAfee: GenericRXAA-FA!E796116223C8
MAX: malware (ai score=89)
Malwarebytes: Malware.AI.783725641
Ikarus: Trojan.MSIL.CryptoObfuscator
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Generic.AP.1E4FED4!tr
AVG: Win32:RATX-gen [Trj]

How to remove Razy.253697?

Razy.253697 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment