About “Razy.468148” infection

The Razy.468148 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Razy.468148 virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Razy.468148?


File Info:
name: D04EF76403DE98C68F44.mlw
path: /opt/CAPEv2/storage/binaries/1cd937f8ac0c5355463219c6dd6d29fb7c596634aa7006d5ea5f64525c358cfa
crc32: E3B04DFF
md5: d04ef76403de98c68f4479084c58b4e8
sha1: f86d0fb525c47d31a3c008ee8e71625d5265526d
sha256: 1cd937f8ac0c5355463219c6dd6d29fb7c596634aa7006d5ea5f64525c358cfa
sha512: f4904ef27a637db600be602f64168a23cefadbe8066d57df38815b98890136885314d1abbcf93c7edc9943b9c9141af122942907ec96dd58eb9fd508a69bb4c0
ssdeep: 12288:Hyl/7BddB9wDUx9LFKpwuD96cM3ydIcm48T85:HyZdB9w8r7uJ6RTcL8Y
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T13BF4129BB58E71A0E1F5E8B89A91918E45B338B5473243BF3782B31A720D3B2D43C715
sha3_384: 1ed19cfa2b77c57246b647936dcab1038e1caab24b604cd85faa628738056701f405987991a6e357520900c731ee3015
ep_bytes: 4883ec28e8e30600004883c428e91afe
timestamp: 2018-12-11 05:08:22

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Windows System Tweak
FileVersion: 94.71.70.82
InternalName: conhost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: conhost.exe
ProductName: Microsoft© Windows© Operating System
ProductVersion: 22.37.09.09
Translation: 0x0409 0x04b0

Razy.468148 also known as:

Lionic	Trojan.Win32.Razy.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Razy.468148
FireEye	Generic.mg.d04ef76403de98c6
McAfee	Generic.eab
Cylance	Unsafe
Zillya	Trojan.Injector.Win64.130
Sangfor	Trojan.Win64.Agent.qwhurz
K7AntiVirus	Trojan ( 005410a71 )
Alibaba	Trojan:Win64/Injector.f245735d
K7GW	Trojan ( 005410a71 )
CrowdStrike	win/malicious_confidence_90% (W)
Symantec	Trojan.Gen.2
ESET-NOD32	a variant of Win64/Injector.BE
Avast	Win64:CoinminerX-gen [Trj]
Kaspersky	Trojan.Win64.Agent.qwhurz
BitDefender	Gen:Variant.Razy.468148
NANO-Antivirus	Trojan.Win64.Razy.fofwsg
SUPERAntiSpyware	Trojan.Agent/Gen-Dropper
Tencent	Win64.Trojan.Agent.Wnvy
Ad-Aware	Gen:Variant.Razy.468148
Sophos	Mal/Generic-S
Comodo	Malware@#1lk1c8xsvsaws
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R002C0DGJ21
McAfee-GW-Edition	BehavesLike.Win64.Worm.bc
Emsisoft	Gen:Variant.Razy.468148 (B)
Paloalto	generic.ml
GData	Gen:Variant.Razy.468148
Jiangmin	Trojan.Agent.dkqn
Webroot	W32.Trojan.Gen
Avira	HEUR/AGEN.1144733
Antiy-AVL	Trojan/Generic.ASMalwS.29E705A
Microsoft	Trojan:Win64/Injector.CD
Cynet	Malicious (score: 99)
AhnLab-V3	Malware/Gen.Generic.C2835195
ALYac	Gen:Variant.Razy.468148
MAX	malware (ai score=100)
VBA32	Trojan.Win64.Agent
Malwarebytes	Trojan.FakeMS.Generic
TrendMicro-HouseCall	TROJ_GEN.R002C0DGJ21
Yandex	Trojan.Injector!5ap2MVhfPGE
Fortinet	W64/Injector.BE!tr
AVG	Win64:CoinminerX-gen [Trj]
Cybereason	malicious.403de9
Panda	Trj/CI.A

How to remove Razy.468148?

Razy.468148 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X