Malware

What is “Razy.617803”?

Malware Removal

The Razy.617803 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Razy.617803 virus can do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to determine Razy.617803?


File Info:

name: EEFC69D0F94009BEF01F.mlw
path: /opt/CAPEv2/storage/binaries/a21f64b9bb20ccc7492d736c32a60f3660d00c65ed2587f01d5e638fe17b3aa6
crc32: BCC00167
md5: eefc69d0f94009bef01f2aaf37a32a74
sha1: e66be19a4137784aa96fd63fb0cb19ef3fea1366
sha256: a21f64b9bb20ccc7492d736c32a60f3660d00c65ed2587f01d5e638fe17b3aa6
sha512: 0f73e3e5bd1049bae128c71da6b62297fb3bb4d4062aaa0bae4ed4dd835eed6897b5f79bce0b47eb899d2e381c9e7032f0a25899d4d74982b191ef8e7199053e
ssdeep: 768:m/KkDo79thRTWdHe9qwf/f2NKkoxI12QpCC2MdnH9q2KZK3njTBQNfSyzimwreKR:mfORTMH2PXf2oeYQpCRqw2ZjAViXk5oN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19223F187D3881A60C57358F1F4B042319352F6E1AB7B63FB490EC5769D652AB8F2C29C
sha3_384: 360c1a7c2ebdd40b7dd11d8a4304a2cc6305c40a8d2d4ea8fd6a70232639bf55949d9be5a2643fae23f3ac8e506c7710
ep_bytes: 60be008041008dbe0090feff5783cdff
timestamp: 2051-01-17 08:20:52

Version Info:

0: [No Data]

Razy.617803 also known as:

LionicRiskware.Win32.Razy.1!c
MicroWorld-eScanGen:Variant.Razy.617803
FireEyeGeneric.mg.eefc69d0f94009be
McAfeeRDN/Generic.hbg
CylanceUnsafe
SangforTrojan.Win32.Wacatac.A
K7GWUnwanted-Program ( 004d38111 )
K7AntiVirusUnwanted-Program ( 004d38111 )
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Keygen.AD potentially unsafe
APEXMalicious
Paloaltogeneric.ml
BitDefenderGen:Variant.Razy.617803
NANO-AntivirusTrojan.Win32.Gendal.fvmhgc
AvastWin32:Malware-gen
TencentWin32.Trojan.Spnr.Aqgq
Ad-AwareGen:Variant.Razy.617803
ComodoMalware@#17tabcgf9q238
VIPRETrojan.Win32.Generic!BT
McAfee-GW-EditionRDN/Generic.hbg
EmsisoftGen:Variant.Razy.617803 (B)
IkarusTrojan-Dropper.Win32.Small
GDataGen:Variant.Razy.617803
Antiy-AVLTrojan/Win32.SGeneric
MicrosoftTrojan:Win32/Wacatac.B!ml
ALYacGen:Variant.Razy.617803
MAXmalware (ai score=97)
VBA32BScope.Trojan.Packed
TrendMicro-HouseCallTROJ_GEN.R002H09GI21
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.88792270.susgen
WebrootW32.Malware.Gen
AVGWin32:Malware-gen
Cybereasonmalicious.0f9400

How to remove Razy.617803?

Razy.617803 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment