Categories: Malware

Razy.641209 (file analysis)

The Razy.641209 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Razy.641209 virus can do?

Executable code extraction
Creates RWX memory
Detected script timer window indicative of sleep style evasion
A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (6 unique times)
Expresses interest in specific running processes
Reads data out of its own binary image
Drops a binary and executes it
Performs some HTTP requests
A scripting utility was executed
Detects Sandboxie through the presence of a library
Checks for the presence of known windows from debuggers and forensic tools
The following process appear to have been packed with Themida: file.exe
Attempts to identify installed AV products by installation directory
Checks for the presence of known devices from debuggers and forensic tools
Detects the presence of Wine emulator via registry key
Checks the version of Bios, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Attempts to modify proxy settings
Anomalous binary characteristics

Related domains:

iplogger.org

apps.identrust.com

isrg.trustid.ocsp.identrust.com

ocsp.int-x3.letsencrypt.org

How to determine Razy.641209?


File Info:
crc32: C4DA4C6Dmd5: e0f34321a14c61e1342fbbf7fca0d76dname: file.exesha1: a9ef42a08985953465c216dd9b02b4b732037f7csha256: c5f8b9ce7d832960fdf71fbf083f4e5c99c6076ecfb9d9fdf643d2ba9cc9f814sha512: 702fc0a2df82079baab1bcf338b1c5438660e78876d7fc2fa67135cda7a4cf63e6967e74c88a34365baf2e40b82a1ace9ceb8c3d55b3ed24e594da6fcc1b2cb6ssdeep: 98304:k4of6bn3Q59bBRHPmfwry3uh2m8Rv1hHXB4knC0qOiBguj1/mt:k4Fbn3QfHPmfykv/qfBFj1/atype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: AdrolasaProductVersion: 2.5.0.0FileVersion: 2.5.0.0FileDescription: Translation: 0x0000 0x04b0

Razy.641209 also known as:

MicroWorld-eScan	Gen:Variant.Razy.641209
FireEye	Generic.mg.e0f34321a14c61e1
McAfee	Artemis!E0F34321A14C
Cylance	Unsafe
AegisLab	Trojan.Win32.Coins.i!c
BitDefender	Gen:Variant.Razy.641209
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
GData	Dropped:Trojan.VBS.Agent.BNO
Kaspersky	HEUR:Trojan-PSW.Win32.Coins.vho
Endgame	malicious (high confidence)
Emsisoft	Gen:Variant.Razy.641209 (B)
F-Secure	Heuristic.HEUR/AGEN.1103013
DrWeb	VBS.DownLoader.1872
Zillya	Trojan.GenericKD.Win32.30057
Invincea	heuristic
Ikarus	Trojan.Win64.Themida
Avira	TR/PSW.Coins.inphg
MAX	malware (ai score=89)
Arcabit	Trojan.VBS.Agent.BNO
ZoneAlarm	HEUR:Trojan-PSW.Win32.Coins.gen
Microsoft	Trojan:Win32/Caynamer.A!ml
VBA32	TScope.Malware-Cryptor.SB
Panda	Trj/CI.A
ESET-NOD32	a variant of Win64/Packed.Themida.JU
Rising	Malware.Heuristic!ET#99% (RDMK:cmRtazo9NWZQ2iF0fsiyFTFoWq9i)
Yandex	Riskware.Unwanted!
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Coins.CNV!tr.pws
BitDefenderTheta	Gen:NN.ZexaF.34138.0zWaamgPPnmi
Paloalto	generic.ml
Qihoo-360	HEUR/QVM42.0.BF2F.Malware.Gen