Razy.593244 (file analysis)

Razy.593244 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Razy.593244 virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid

How to identify Razy.593244?

File Info:

name: BE911368EED181D5E0F0.mlw
path: /opt/CAPEv2/storage/binaries/e258dda091171e18e326a505323efa3feba2a09ac7309bbea8e4d9c100766079
crc32: B919EA0A
md5: be911368eed181d5e0f01c7e26a580c9
sha1: c24c936694a387872e2103a87d92546fae533e47
sha256: e258dda091171e18e326a505323efa3feba2a09ac7309bbea8e4d9c100766079
sha512: b8a08f6b185ca050b67b1b9e23c873f959a0b74518420292acea12122a66dd095dbc8bce10db516122e2918655ec99d665728be348d6c5990c3cf27245fbde95
ssdeep: 12288:lOWMSDqNfrspU75pw3l/KxOv8F0bhfI4Sz0nm54Zb+3YNrasGj9hKsr4U1:wpqYfrs275pw3l/KL
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T108B4088E5FBB404BD3C963745C61EF3D90229C18781AC32A305679DA7FB17E50DA2AB1
sha3_384: 972e70df04452745ef1c8d90c2123e6422eab92e12f17a54a17d8fb25828872521e8d483121a6a08368f6ff07c045681
ep_bytes: ff2500a04400cc1300ec17001e230000
timestamp: 2022-04-25 21:01:00

Version Info:

Translation: 0x0000 0x04b0
Comments: Updater
CompanyName: Updater
FileDescription: Updater
FileVersion: 1.0.0.1
InternalName: Updater.exe
LegalCopyright: Enveit © 2022
LegalTrademarks:
OriginalFilename: Updater.exe
ProductName: Updater
ProductVersion: 1.0.0.1
Assembly Version: 1.0.0.1

Razy.593244 also known as:

Bkav: W32.AIDetectNet.01
Elastic: malicious (high confidence)
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 7000001c1 )
K7GW: Trojan ( 7000001c1 )
Cybereason: malicious.8eed18
Cyren: W32/MSIL_Kryptik.CRG.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Packed.VMProtect.B
APEX: Malicious
Cynet: Malicious (score: 100)
BitDefender: Gen:Variant.Razy.593244
MicroWorld-eScan: Gen:Variant.Razy.593244
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:Kqhr/UJWAS7vIAxJxpyqzA)
Ad-Aware: Gen:Variant.Razy.593244
Sophos: Mal/VMProtBad-A
FireEye: Generic.mg.be911368eed181d5
Emsisoft: Gen:Variant.Razy.593244 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Razy.593244
Arcabit: Trojan.Razy.D90D5C
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Acronis: suspicious
ALYac: Gen:Variant.Razy.593244
MAX: malware (ai score=82)
Cylance: Unsafe
Ikarus: Trojan.MSIL.Vmprotect
MaxSecure: Trojan.Malware.300983.susgen
BitDefenderTheta: Gen:NN.ZemsilF.34606.Gu0@ayhIl2k
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Razy.593244?

Razy.593244 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.