
Razy.715130 (file analysis)

Malware Removal

Razy.715130 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Razy.715130 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup

How to identify Razy.715130?

File Info:

name: 189B4C1A58C769D4BCAE.mlw
path: /opt/CAPEv2/storage/binaries/f3de2fffa80c3f860aee54d3344a69d6287d76b785be586cea1fc96f56bdd731
crc32: 635DE98D
md5: 189b4c1a58c769d4bcae079f23845918
sha1: d4b672629951f952929d51395ca5b52de24815d5
sha256: f3de2fffa80c3f860aee54d3344a69d6287d76b785be586cea1fc96f56bdd731
sha512: e46ff5bea7a5c857610e6958056c41830602cb65c6541398cc01b5fe34905f44be116bd12fc98ea6f7ffb4293b8485f65dfc7d7f60672970a121e28695d5a6a6
ssdeep: 3072:5n/zfF1WnTrxpfq2rBKVZQXSv9P9KPOML:pmrrq2CZP9gl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DEB33A2A7358DF01C578657AC9DF083403EAEAC33A32D7693E5E26CC19423A25D46BDD
sha3_384: 867a7d51743b25154d9cb6dd2c7e47bce7c3aec7a7e8b39a6b215475ccf03ce8a4ca27192adb76aa6bd61c023a6c363e
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-01-28 00:18:51

Version Info:

Translation: 0x0000 0x04b0
CompanyName: Hewlett-Packard Company
FileDescription: Client
FileVersion: 1.0.0.0
InternalName: Client.exe
LegalCopyright: Copyright © Hewlett-Packard Company 2013
OriginalFilename: Client.exe
ProductName: Client
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Razy.715130 is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.715130
FireEye: Generic.mg.189b4c1a58c769d4
ALYac: Gen:Variant.Razy.715130
Cylance: Unsafe
Sangfor: Trojan.MSIL.Agent.gen
K7AntiVirus: Trojan ( 0056f9bf1 )
Alibaba: TrojanDownloader:MSIL/Generic.8bdbdd79
K7GW: Trojan ( 0056f9bf1 )
CrowdStrike: win/malicious_confidence_90% (W)
Cyren: W32/MSIL_Kryptik.BUN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Agent.CYB
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Downloader.MSIL.Agent.gen
BitDefender: Gen:Variant.Razy.715130
Avast: Win32:Trojan-gen
Tencent: Msil.Trojan-downloader.Agent.Dzkl
Sophos: Mal/Generic-S
TrendMicro: TROJ_GEN.R014C0WAT22
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Gen:Variant.Razy.715130 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1142903
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASMalwS.351A9D3
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
GData: Gen:Variant.Razy.715130
Cynet: Malicious (score: 99)
McAfee: Artemis!189B4C1A58C7
VBA32: TScope.Trojan.MSIL
Malwarebytes: Trojan.Crypt
TrendMicro-HouseCall: TROJ_GEN.R014C0WAT22
Ikarus: Trojan.MSIL.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Agent.CYB!tr
BitDefenderTheta: Gen:NN.ZemsilF.34182.gq0@a07X@If
AVG: Win32:Trojan-gen
Cybereason: malicious.a58c76
Panda: Trj/GdSda.A

How to remove Razy.715130?

Razy.715130 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
