
Razy.694972 (file analysis)

Malware Removal

Razy.694972 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Razy.694972 virus do?

  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid

How to identify Razy.694972?

File Info:

name: 0D9F73ABF2D55FCA126A.mlw
path: /opt/CAPEv2/storage/binaries/76e719c6446c6e4ffecc308b7bba776174554c228bd8222bb67a2d374efee706
crc32: 7EC5A48F
md5: 0d9f73abf2d55fca126af5a02fd610bd
sha1: 7771a857c82b404b20a651dd145c7f82197f00e1
sha256: 76e719c6446c6e4ffecc308b7bba776174554c228bd8222bb67a2d374efee706
sha512: d54208405216f41c8db42ca1752ba797abc5a8d33ebb519e6da6f0b345433969e85f4db4ab904ab55651eec62e06e9b1b22007b282f5be218768f08e763bab86
ssdeep: 12288:ru9HlfjyKRqasyL2vYWrsgLaxp9/ZxMEx4fOap4OQldUTYeEHF:DnYke/gOeP+e0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16305D70DFDB87E12CB7C427FE62394BC02D3E5189601D69BA6F426961F25789DCCAC48
sha3_384: 60c22d7f49f7e4785aadf2d0ef5761cf1c2d234301329b8da7a40540b3f27b647d11643c72592db1bb964de3bc8ef6be
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-01-07 02:18:27

Version Info:

Translation: 0x0000 0x04b0
FileDescription: WindowsApplication1
FileVersion: 1.0.0.0
InternalName: WindowsApplication1.exe
LegalCopyright: Copyright © 2022
OriginalFilename: WindowsApplication1.exe
ProductName: WindowsApplication1
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Razy.694972 also known as:

Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
ALYac: Gen:Variant.Razy.694972
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Cyren: W32/S-8931d031!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.LNR
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.694972
MicroWorld-eScan: Gen:Variant.Razy.694972
Avast: MSIL:GenMalicious-AMZ [Trj]
Ad-Aware: Gen:Variant.Razy.694972
Emsisoft: Gen:Variant.Razy.694972 (B)
FireEye: Generic.mg.0d9f73abf2d55fca
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Razy.694972
Avira: TR/Dropper.MSIL.Gen
Arcabit: Trojan.Razy.DA9ABC
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
MAX: malware (ai score=87)
Ikarus: Trojan.MSIL.Injector
eGambit: Unsafe.AI_Score_100%
BitDefenderTheta: Gen:NN.ZemsilF.34114.Wm0@auEWOBf
AVG: MSIL:GenMalicious-AMZ [Trj]
Cybereason: malicious.bf2d55
MaxSecure: Trojan.Malware.300983.susgen

How to remove Razy.694972?

Razy.694972 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
