Razy.341457 information

Razy.341457 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Razy.341457 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Terminates another process
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • CAPE detected the DarkComet malware family
  • Creates a copy of itself

How to identify Razy.341457?

File Info:

name: 99D1900EFD4F4BA47445.mlw
path: /opt/CAPEv2/storage/binaries/7e824667c0a0d2f8041814d12855353985b4c7cfd3751aed78ba2e3eece2ad44
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-09-05 21:43:56

Version Info:

Translation: 0x0000 0x04b0
FileDescription: avav avav
FileVersion: 1.0.0.0
InternalName: avav avav.exe
LegalCopyright: Copyright © 2013
OriginalFilename: avav avav.exe
ProductName: avav avav
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Razy.341457 also known as:

  • Bkav: W32.AIDetectNet.01
  • MicroWorld-eScan: Gen:Variant.Razy.341457
  • ALYac: Gen:Variant.Razy.341457
  • Cylance: Unsafe
  • VIPRE: Gen:Variant.Razy.341457
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Trojan ( 004d90a01 )
  • K7GW: Trojan ( 004d90a01 )
  • Cybereason: malicious.efd4f4
  • VirIT: Trojan.Win32.DownLoader18.HKB
  • Symantec: Trojan.Gen
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of MSIL/Injector.BVB
  • APEX: Malicious
  • Paloalto: generic.ml
  • Kaspersky: HEUR:Trojan-PSW.MSIL.Chisburg.gen
  • BitDefender: Gen:Variant.Razy.341457
  • NANO-Antivirus: Trojan.Win32.DarkKomet.dkknoo
  • Avast: Win32:Malware-gen
  • Tencent: Win32.Trojan.Generic.Hwwf
  • Ad-Aware: Gen:Variant.Razy.341457
  • Emsisoft: Gen:Variant.Razy.341457 (B)
  • Comodo: TrojWare.MSIL.Injector.BWCA@557otw
  • DrWeb: Trojan.DownLoader18.4993
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
  • Trapmine: malicious.high.ml.score
  • FireEye: Generic.mg.99d1900efd4f4ba4
  • Sophos: Mal/Generic-S
  • Ikarus: Trojan-Ransom.Blocker
  • GData: Gen:Variant.Razy.341457
  • Jiangmin: TrojanSpy.Zbot.dtnp
  • Avira: TR/Dropper.MSIL.Gen
  • MAX: malware (ai score=82)
  • Antiy-AVL: Trojan/Generic.ASMalwS.37EA
  • Arcabit: Trojan.Razy.D535D1
  • ZoneAlarm: HEUR:Trojan-PSW.MSIL.Chisburg.gen
  • Microsoft: Backdoor:Win32/Fynloski
  • Cynet: Malicious (score: 99)
  • McAfee: PWSZbot-FER!99D1900EFD4F
  • Malwarebytes: Backdoor.Agent.FPO
  • Rising: Trojan.Generic/MSIL@AI.92 (RDM.MSIL:N5NbMUke2eEgL9DnTckn7w)
  • Yandex: Trojan.Agent!G9+4RZcU7pE
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: MSIL/Injector.DFY!tr
  • BitDefenderTheta: Gen:NN.ZemsilF.34806.Lm0@aOaEM7l
  • AVG: Win32:Malware-gen
  • Panda: Trj/GdSda.A
  • CrowdStrike: win/malicious_confidence_70% (W)

How to remove Razy.341457?

Razy.341457 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.