Razy.711958 (file analysis)

The Razy.711958 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Razy.711958 virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (2 unique times)
Creates RWX memory
Reads data out of its own binary image
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Azeri
The executable is compressed using UPX
Uses Windows utilities for basic functionality
Creates a hidden or system file
Attempts to modify proxy settings

Related domains:

ecosystem.unvocal.ru

duckandbear.top

www.bing.com

How to determine Razy.711958?


File Info:
crc32: 10AF9384
md5: ef695f9ca0f45fed17e8e6e28880b4f8
name: EF695F9CA0F45FED17E8E6E28880B4F8.mlw
sha1: 19821d7ba552ba474cc1d830937cb4e68a207761
sha256: 0da04fe45addaba03bd636af1c8ba90353c6b1eb0455bbdce67a50c80b0515aa
sha512: 57456650417f41484598c04e89ad2b245a80550afed36d7ac10ec5b7534b8e0e3746138e8e1fff0d5d7420a20e0f81a4471f871c5ae23c023f884c8685a79997
ssdeep: 3072:aIwZrXAeiapjpFjtKIor0P1kzT5NtonurJ+Nw7YsuAg0FujoIOKnx2LHouto6uWt:avf1HhKXr0P8T7+xAONlyHoSpogdGJpm
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

Version Info:
LegalCopyright: Glorea
InternalName: Glorea
FileVersion: 815.40.30.21
CompanyName: Glorea
ProductName: Glorea
ProductVersion: 210.30.23.13
FileDescription: Glorea
OriginalFilename: Glorea
Translation: 0x0804 0x04b0

Razy.711958 also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
FireEye	Generic.mg.ef695f9ca0f45fed
CAT-QuickHeal	Trojan.Cryptinject
Qihoo-360	HEUR/QVM10.1.0EE9.Malware.Gen
McAfee	Artemis!EF695F9CA0F4
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Trojan-Downloader ( 005157091 )
BitDefender	Gen:Variant.Razy.711958
K7GW	Trojan-Downloader ( 005157091 )
CrowdStrike	win/malicious_confidence_100% (D)
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Evo-gen [Susp]
Cynet	Malicious (score: 100)
Kaspersky	not-a-virus:HEUR:AdWare.Win32.TOVus.gen
NANO-Antivirus	Trojan.Win32.Tovkater.esgidz
MicroWorld-eScan	Gen:Variant.Razy.711958
Rising	Downloader.Tovkater!8.E5CE (RDMK:cmRtazo0LwhpwsJufk4P4IFPPaAn)
Ad-Aware	Gen:Variant.Razy.711958
Sophos	Mal/Generic-S
Comodo	Packed.Win32.MUPX.Gen@24tbus
F-Secure	Adware.ADWARE/Adware.Gen3
DrWeb	Trojan.DownLoader25.27784
TrendMicro	TROJ_GEN.R03BC0GB121
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
Emsisoft	Gen:Variant.Razy.711958 (B)
Ikarus	Trojan-Downloader.Win32.Tovkater
Jiangmin	TrojanDownloader.Generic.awta
Avira	ADWARE/Adware.Gen3
MAX	malware (ai score=89)
Antiy-AVL	GrayWare[AdWare]/Win32.AGeneric
Microsoft	Trojan:Win32/Glupteba!ml
Arcabit	Trojan.Razy.DADD16
ZoneAlarm	not-a-virus:HEUR:AdWare.Win32.TOVus.gen
GData	Gen:Variant.Razy.711958
AhnLab-V3	Adware/Win32.InstallMonster.R229436
Acronis	suspicious
VBA32	BScope.Trojan.InstallMonster
ALYac	Gen:Variant.Razy.711958
Malwarebytes	Adware.InstallMonster
ESET-NOD32	Win32/TrojanDownloader.Tovkater.CK
TrendMicro-HouseCall	TROJ_GEN.R03BC0GB121
Tencent	Malware.Win32.Gencirc.11b8c1d5
Yandex	Trojan.GenAsa!7pd5/udhH7Y
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Tovkater.CK!tr
BitDefenderTheta	Gen:NN.ZexaF.34804.ru2@aS7FhBcG
AVG	Win32:Evo-gen [Susp]
Cybereason	malicious.ca0f45

How to remove Razy.711958?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Razy.711958 (file analysis)