About “Razy.631149” infection

The Razy.631149 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Razy.631149 virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Razy.631149?


File Info:
name: CCCB652D1FF59A29A5C3.mlw
path: /opt/CAPEv2/storage/binaries/5cd3c13e014eeb3925bf4c9cec3b283eb4b253a235dfffad794c4eefba9e2722
crc32: 4220EB6F
md5: cccb652d1ff59a29a5c37ca9cd0561ca
sha1: 8852d49b4ac26945ff966d428b6ad91230e591f9
sha256: 5cd3c13e014eeb3925bf4c9cec3b283eb4b253a235dfffad794c4eefba9e2722
sha512: 6ba10efd10e577a3e346cfa6040137ea407e5e857d942b3493ed0225d964417cd34e5ba07bfbbc803d4ca6df8458a5fc92b784c316c30729b49f90668fd83859
ssdeep: 768:kEnFXhtB+cMtu+7rVF7HF+kZSnLMZ9v/qzh1T413s/Ek0QHt0+w20sIJSnZc5tuv:lftB+Ltu+z7l+fnLMbyzsQHJw2BI4/Tr
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1EDF23A06B3982233E6BE477564F6CA0186B1D45B4173E20B79EDD1931F477A847A23E3
sha3_384: 343201013d50431ecc5cb918c3292cf472bdb2a2dbf9e6960f3868eee26126c765a7783d6a5f03516ad4d9a2f890d27c
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-10-28 23:24:36

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: ManualMapInjection
FileVersion: 1.0.0.0
InternalName: Injector.exe
LegalCopyright: Copyright ©  2017
LegalTrademarks: 
OriginalFilename: Injector.exe
ProductName: ManualMapInjection
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Razy.631149 also known as:

CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
ALYac	Gen:Variant.Razy.631149
Cylance	unsafe
VIPRE	Gen:Variant.Razy.631149
Cybereason	malicious.b4ac26
Arcabit	Trojan.Razy.D9A16D
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/DllInject.XL potentially unsafe
APEX	Malicious
BitDefender	Gen:Variant.Razy.631149
MicroWorld-eScan	Gen:Variant.Razy.631149
Tencent	Malware.Win32.Gencirc.13b62db4
Sophos	Generic ML PUA (PUA)
Zillya	Trojan.Stealer.Win32.42516
FireEye	Generic.mg.cccb652d1ff59a29
Emsisoft	Gen:Variant.Razy.631149 (B)
SentinelOne	Static AI – Malicious PE
Google	Detected
Antiy-AVL	RiskWare/MSIL.DllInject
Microsoft	Trojan:MSIL/CryptInjector.A!MTB
GData	Gen:Variant.Razy.631149
Varist	W32/DllInject.A.gen!Eldorado
AhnLab-V3	Malware/Win32.RL_Generic.C4280606
MAX	malware (ai score=84)
DeepInstinct	MALICIOUS
Panda	Trj/GdSda.A
Ikarus	PUA.MSIL.Dllinject
Fortinet	Riskware/DllInject
BitDefenderTheta	Gen:NN.ZemsilF.36792.cm0@aGZBqWk
AVG	Win32:RATX-gen [Trj]
Avast	Win32:RATX-gen [Trj]
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Razy.631149?

Razy.631149 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X