Razy.704838 (B) removal instruction

Razy.704838 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Razy.704838 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Enumerates running processes
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Razy.704838 (B)?

File Info:

name: 29618654CC55CD559C4E.mlw
path: /opt/CAPEv2/storage/binaries/62499b375472c1c3791fbfcd16750b702561d63986eaf847ce3b15c90b4a79c5
crc32: 7BDEC811
md5: 29618654cc55cd559c4e574439062186
sha1: 2f0da56165c8e0656abedf2370daa0a98eb278ac
sha256: 62499b375472c1c3791fbfcd16750b702561d63986eaf847ce3b15c90b4a79c5
sha512: 98f4d296d2fe1d4ef644deb019427b9aa6a987ce7c8789d9754759c013cb677d6695edcaaec6312a32ad9ffd03b7de692754ac5060e0a0e5cffb249e7d666325
ssdeep: 98304:ws9PoxyH00ytQdRllSaZ/NJxoM+aMn8B5BhVJlx2qvF1TL9Og6hS3qHBo3gO3g3u:wsF/H+typT/HvfhJZD916U8C66
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C72623661486B095E5A12C309A39F4F5845A3C134E2339652DCBFEEF793AAC1E7C7207
sha3_384: 057b2fdd625b88425109473a49443bad4e30c27808ef1b0b8a92bb89906b9611dbc92102b3e4afcf72ec501b14825638
ep_bytes: 60be00604e008dbe00b0f1ff57eb0b90
timestamp: 2020-05-11 08:08:43

Version Info:

FileVersion: 7.20.511.3819
Comments: EasyDrv7 - ITSK.com
FileDescription: 万能驱动7
ProductVersion: 7.0
LegalCopyright: Copyright © 2006-2020 ITSK.com, All Rights Reserved.
OriginalFilename: EasyDrv7.exe
ProductName: 万能驱动7
InternalName: 万能驱动7
CompanyName: IT天空(ITSK.COM)
Compiler: SKAEv2 Pro+ (v2.19.723.70) - 2020/05/11 16:08:40
Translation: 0x0804 0x04b0

Razy.704838 (B) is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
FireEye: Generic.mg.29618654cc55cd55
Cylance: Unsafe
BitDefenderTheta: Gen:NN.ZexaF.34084.@pLfaWXdLjjj
TrendMicro-HouseCall: TROJ_GEN.R03BH09L521
Paloalto: generic.ml
Cynet: Malicious (score: 100)
BitDefender: Gen:Variant.Razy.704838
MicroWorld-eScan: Gen:Variant.Razy.704838
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Razy.704838
Emsisoft: Gen:Variant.Razy.704838 (B)
McAfee-GW-Edition: BehavesLike.Win32.DLSponsor.rc
Sophos: Generic ML PUA (PUA)
GData: Gen:Variant.Razy.704838
Antiy-AVL: Trojan/Generic.ASMalwS.271DCD2
Microsoft: Program:Win32/Uwamson.A!ml
McAfee: Artemis!29618654CC55
MAX: malware (ai score=82)
APEX: Malicious
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen
Cybereason: malicious.4cc55c

How to remove Razy.704838 (B)?

Razy.704838 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.