
What is “Razy.703807”?


Razy.703807 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Razy.703807 virus do?

  • Attempts to connect to a dead IP:Port (2 unique times)
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Attempts to create or modify system certificates

Related domains:

ip-api.com
www.facebook.com

How to identify Razy.703807?


File Info:

name: hbggg.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

0: [No Data]

Razy.703807 also known as:

Bkav: W32.AIDetectVM.malware1
MicroWorld-eScan: Gen:Variant.Razy.703807
FireEye: Generic.mg.9fa210e0dbb29938
McAfee: GenericRXAA-AA!9FA210E0DBB2
Cylance: Unsafe
BitDefender: Gen:Variant.Razy.703807
Cybereason: malicious.86659e
BitDefenderTheta: Gen:NN.ZexaF.34132.xmGfaazsvzij
F-Prot: W32/Agent.BUL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Agent.UAW
TrendMicro-HouseCall: TROJ_GEN.R002H0CGB20
Avast: Win32:TrojanX-gen [Trj]
GData: Gen:Variant.Razy.703807
Kaspersky: Trojan.Win32.Fabookie.ge
Alibaba: Trojan:Win32/Generic.d25848dc
Tencent: Win32.Trojan.Fabookie.Hxzu
Ad-Aware: Gen:Variant.Razy.703807
Emsisoft: Gen:Variant.Razy.703807 (B)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.DownLoader33.62361
Invincea: heuristic
SentinelOne: DFI – Malicious PE
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
APEX: Malicious
Cyren: W32/Agent.BUL.gen!Eldorado
Jiangmin: TrojanDropper.Agent.gkuv
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen
Endgame: malicious (high confidence)
Arcabit: Trojan.Razy.DABD3F
AhnLab-V3: Trojan/Win32.RL_Agent.R340162
ZoneAlarm: Trojan.Win32.Fabookie.ge
Microsoft: Trojan:Win32/Ymacco.AAAE
Cynet: Malicious (score: 100)
Acronis: suspicious
VBA32: BScope.Trojan.Infospy
MAX: malware (ai score=82)
Malwarebytes: Spyware.PasswordStealer
Panda: Trj/Genetic.gen
Rising: Trojan.Occamy!8.F1CD (TFE:5:8c8GPC8FG4H)
Ikarus: Trojan.Win32.Agent
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Agent.UAW!tr
AVG: Win32:TrojanX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_90% (W)
Qihoo-360: Win32/Trojan.Dropper.45c

How to remove Razy.703807?

Razy.703807 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
