What is "Razy.571028"? – Adware Reports

The Razy.571028 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Razy.571028 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

Related domains:

wpad.local-net

xsp.zip-archive.com

How to determine Razy.571028?


File Info:
name: C592B1FE31F468DC0FAD.mlw
path: /opt/CAPEv2/storage/binaries/cf99489c2a378767efc4dbb7456f700d9ba33719c4ab59421335118db0306a55
crc32: 76464B4D
md5: c592b1fe31f468dc0fad6885142647db
sha1: 05834a4a72f5824c7948c0161d30b529ca9fca28
sha256: cf99489c2a378767efc4dbb7456f700d9ba33719c4ab59421335118db0306a55
sha512: 34287a77607bedb746ad0da87d776f9dbe05b8025dea22cb7ba3050b4d7f1ee3f16164afa22a76282ded497a28324b59af5695ab27a9cb39a154d3f7c0dfda86
ssdeep: 6144:YTfS/lnMgRLk0vovcgCAXlQHAvSMW2ZSAIZLMJboIWb8dcBOtXAB9iqcR4X0Un9R:59AXlP7W2ZSLZMbrcBIXASv00MmvFHTo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16284F1C13BC49676C28D77FC9CA2524503A27A93BD12DB97ACA031AE4C573DA740DA4B
sha3_384: f36327ed7af3f42e7bf316c70b64d0863849d2e763bd024d71c602c7bde566d4234270a6b2cc81c780a51d23701e1bb5
ep_bytes: ff250020400000000000000000000000
timestamp: 2013-04-06 12:05:10

Version Info:
FileDescription: Setup
FileVersion: 1.0.0.0
InternalName: setup.exe
OriginalFilename: setup.exe
ProductName: Setup
ProductVersion: 1.0.0.0
Translation: 0x0000 0x04b0

Razy.571028 also known as:

Lionic	Trojan.Win32.Generic.mfSY
MicroWorld-eScan	Gen:Variant.Razy.571028
FireEye	Generic.mg.c592b1fe31f468dc
ALYac	Gen:Variant.Razy.571028
Cylance	Unsafe
K7AntiVirus	Trojan ( 700000121 )
Alibaba	Trojan:MSIL/Cryptos.36d23798
K7GW	Trojan ( 700000121 )
Cybereason	malicious.e31f46
Cyren	W32/MSIL_Troj.BT.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Hoax.ArchSMS.BT
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.Agent-1162622
Kaspersky	HEUR:Trojan.MSIL.Cryptos.gen
BitDefender	Gen:Variant.Razy.571028
NANO-Antivirus	Trojan.Win32.ArchSMS.dbluxz
Avast	Win32:SMSSend-CHO [PUP]
Tencent	Msil.Trojan.Cryptos.Syri
Ad-Aware	Gen:Variant.Razy.571028
Sophos	Mal/Generic-S
DrWeb	Trojan.DownLoader8.35757
TrendMicro	TROJ_GEN.R002C0PKM21
McAfee-GW-Edition	Trojan-FJKQ!C592B1FE31F4
Emsisoft	Gen:Variant.Razy.571028 (B)
Ikarus	Trojan-Dropper
GData	Gen:Variant.Razy.571028
Jiangmin	Trojan/Generic.avpqs
Avira	HEUR/AGEN.1128436
MAX	malware (ai score=85)
Antiy-AVL	Trojan/Generic.ASMalwS.987054
Gridinsoft	Ransom.Win32.Sabsik.sa
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win32.SMSHoax.R59827
McAfee	Trojan-FJKQ!C592B1FE31F4
VBA32	TScope.Trojan.MSIL
Malwarebytes	Malware.AI.4148258920
TrendMicro-HouseCall	TROJ_GEN.R002C0PKM21
Yandex	Trojan.Cryptos!+MBdlwAOwM4
SentinelOne	Static AI – Suspicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	Riskware/ArchSMS
BitDefenderTheta	Gen:NN.ZemsilF.34294.xm0@aK8PSdc
AVG	Win32:SMSSend-CHO [PUP]
Panda	Trj/CI.A
MaxSecure	Trojan.Malware.300983.susgen

How to remove Razy.571028?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Razy.571028”?