About “Razy.449276” infection

Razy.449276 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Razy.449276 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Attempted to load a file with an unusual extension as a DLL.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Operates on local firewall’s policies and settings
  • Deletes executed files from disk

How to identify Razy.449276?

File Info:

name: 1564537374A5997F4C4A.mlw
path: /opt/CAPEv2/storage/binaries/54c1d70839935c29720807eb0afc8d973055da7c00038833275bde1e8bd9c5f1
crc32: D2DB755A
md5: 1564537374a5997f4c4afa2c41755e17
sha1: e1f94b51326ad8145c597c60251b4b4894c9faae
sha256: 54c1d70839935c29720807eb0afc8d973055da7c00038833275bde1e8bd9c5f1
sha512: a01639e8b72cdad841276fcb78baa5775ee25768d0b7ae40e4499edeb09e0f016b101d072cff1ecfcccbec38759c726ba3e6d5362bb3b1191267b3550124e021
ssdeep: 3072:rzrHae5YZH1R4ULfMuhtmUD1scqGns/A:DHJ+ZVRJzMuLbf1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1ACA3BE26607C1F09E463B335700B2F3696F59B5F7F7956ACDAEE87B1B0B0A100A23156
sha3_384: 821246d757c099ef52dab78a2fc0cd18ca959f4ac1965b1dc34e5d24c268020572581b9232a60835ef2f0fa04d419980
ep_bytes: 60be00b049018dbe0060f6fe5783cdff
timestamp: 1989-07-26 11:50:30

Version Info:

CompanyName: Mozilla Foundation
FileDescription: Legacy Database Driver
FileVersion: 3.12.9.0 Basic ECC
InternalName: nssdbm3
OriginalFilename: nssdbm3.dll
ProductName: Network Security Services
ProductVersion: 3.12.9.0 Basic ECC
Translation: 0x0409 0x04b0

Note that the version resource claims to be Mozilla's nssdbm3.dll from Network Security Services, while the behavioural findings above report that the Authenticode signature is invalid, so these fields are not a reliable sign of a legitimate file.

Razy.449276 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.4!c
DrWeb: Trojan.DownLoader4.46723
MicroWorld-eScan: Gen:Variant.Razy.449276
FireEye: Generic.mg.1564537374a5997f
ALYac: Gen:Variant.Razy.449276
Cylance: Unsafe
VIPRE: Gen:Variant.Razy.449276
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055dd191 )
Alibaba: Trojan:Win32/Nedsym.47b1a959
K7GW: Trojan ( 0055dd191 )
Cybereason: malicious.374a59
BitDefenderTheta: Gen:NN.ZexaF.34806.gmKfaWzQMOj
Cyren: W32/Bredolab.AW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Kryptik.BCVA
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.449276
NANO-Antivirus: Trojan.Win32.Dapato.ecfcf
SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
Avast: Win32:Nedsym-BZ [Trj]
Tencent: Win32.Trojan.Generic.Dxdc
Ad-Aware: Gen:Variant.Razy.449276
Comodo: Malware@#xcw2infnw1nc
Zillya: Dropper.Dapato.Win32.213
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
Trapmine: malicious.high.ml.score
Sophos: Troj/Agent-RNY
Ikarus: Trojan-Downloader.Win32.Dapato
Jiangmin: Trojan.Generic.gwflp
Webroot: W32.Malware.Gen
Avira: TR/Crypt.ZPACK.Gen4
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.3303
Microsoft: Trojan:Win32/Nedsym.G
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Razy.449276
AhnLab-V3: Win-Trojan/FakeAV53.Gen
Acronis: suspicious
McAfee: GenericRXAA-FA!1564537374A5
VBA32: BScope.Trojan.Zbot.01367
APEX: Malicious
Rising: Trojan.Crypto!8.364 (CLOUD)
Yandex: Trojan.DR.Dapato!AsV+obzvXMI
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.2395002.susgen
Fortinet: W32/Kryptik.HZ!tr
AVG: Win32:Nedsym-BZ [Trj]
Panda: Trj/Banker.JJG
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Razy.449276?

Razy.449276 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.