Razy.593107 removal tips

Razy.593107 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Razy.593107 virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify Razy.593107?

File Info:

name: CF454C6F339217E740C9.mlw
path: /opt/CAPEv2/storage/binaries/9a5b7a55cd738364fbc440132171b525cf7eff204894cfc777cfd297c52c6206
crc32: CB840C59
md5: cf454c6f339217e740c917c3fab75bda
sha1: 5df7d7512a7363248cc265ff738be13636fc1010
sha256: 9a5b7a55cd738364fbc440132171b525cf7eff204894cfc777cfd297c52c6206
sha512: 54e844d3082225f8c451ae2a43e1b0acad9e13abe12a729b19c0e1f43135160d4161f1f896f417770b40e50a09958dd083867d56b4c2ba96d7e6383f2a82c72a
ssdeep: 3072:ybeeFpUHzlGPxleBczmASRbQRE5B/S8GrkddZ:yXpUHwPxleWzYsqB68H
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1F0D33858FE9CE206CF8D93B6E0E560A582F15A14B4C7E7F62C0C5AA62F1B3D41E4425F
sha3_384: bc827f9561f5abaf144d95427e340d6def8a532fafbe80a5f48c0dd4cc3126459c8496957c5daff4c55894fc92603df4
ep_bytes: ff2500a04000607508eabdd4eca94353
timestamp: 2085-10-28 19:08:34

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: Base64Converter
FileVersion: 1.0.0.0
InternalName: Base64Converter.exe
LegalCopyright: Copyright © 2021
LegalTrademarks:
OriginalFilename: Base64Converter.exe
ProductName: Base64Converter
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Razy.593107 also known as:

Lionic: Trojan.Win32.Razy.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.593107
FireEye: Generic.mg.cf454c6f339217e7
McAfee: Artemis!CF454C6F3392
Cylance: Unsafe
K7AntiVirus: Trojan ( 7000001c1 )
Alibaba: Packed:MSIL/VMProtect.0368d278
K7GW: Trojan ( 7000001c1 )
Cybereason: malicious.f33921
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Packed.VMProtect.C suspicious
APEX: Malicious
BitDefender: Gen:Variant.Razy.593107
Avast: Win32:TrojanX-gen [Trj]
Ad-Aware: Gen:Variant.Razy.593107
Emsisoft: Gen:Variant.Razy.593107 (B)
McAfee-GW-Edition: Artemis!Trojan
Sophos: ML/PE-A + Mal/VMProtBad-A
Ikarus: Trojan.MSIL.Vmprotect
Avira: TR/Dropper.MSIL.Gen2
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
GData: Gen:Variant.Razy.593107
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.C3693461
ALYac: Gen:Variant.Razy.593107
MAX: malware (ai score=88)
TrendMicro-HouseCall: TROJ_GEN.R002H0CL421
SentinelOne: Static AI – Malicious PE
Fortinet: Riskware/Application
AVG: Win32:TrojanX-gen [Trj]
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Razy.593107?

Razy.593107 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.