Razy.768006 removal

Razy.768006 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Razy.768006 virus do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • Network anomalies occurred during the analysis
  • Starts servers listening on 0.0.0.0:58463
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Uses Windows utilities for basic functionality
  • Queries information on disks for anti-virtualization via Device Information APIs
  • Sniffs keystrokes
  • A system process is generating network traffic likely as a result of process injection
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Harvests information related to installed mail clients
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

How to identify Razy.768006?

File Info:

crc32: DA30F913
md5: b48c58d28098a263bccee373f4638b7d
name: B48C58D28098A263BCCEE373F4638B7D.mlw
sha1: a9394a531484d1aa518e0d61c670912e0e32b73b
sha256: 90b3c06611bf0b61a4be2d53d85edda1a135eb2336cc01c1109f7805de5ad86e
sha512: 922cc23bb383613f1cec4822f732ab17c44f553782c04ebf4ca9338426392dfb5b333817c0fb40a3c3f3799d9e69dddad855df88abe882d84a96c276b47b4162
ssdeep: 12288:LPoA1ewNvCxCi+tFxrABR2PSxmPTTHAmwp82/1Z/cch9yB88u:UavN6xB+tLruRnxmPvAmsh/HLLG8d
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Unimpedness
InternalName: konfyt
FileVersion: 4.4
CompanyName: Unimpedness
ProductName: konfyt hie truckie
ProductVersion: 4.4
FileDescription: konfyt tubiform mull
OriginalFilename: konfyt.exe
Translation: 0x0409 0x04b0

Razy.768006 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Papras.2261
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Razy.768006
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Foreign.f9a07a08
Cybereason: malicious.28098a
ESET-NOD32: a variant of Win32/GenKryptik.BHEQ
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Foreign.nswc
BitDefender: Gen:Variant.Razy.768006
NANO-Antivirus: Trojan.Win32.Papras.evlzmx
MicroWorld-eScan: Gen:Variant.Razy.768006
Tencent: Win32.Trojan.Foreign.Pezk
Ad-Aware: Gen:Variant.Razy.768006
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1113895
BitDefenderTheta: Gen:NN.ZexaF.34608.Oq0@aKXnhcfi
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: GenericRXDK-YM!B48C58D28098
FireEye: Generic.mg.b48c58d28098a263
Emsisoft: Gen:Variant.Razy.768006 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1113895
Microsoft: Trojan:Win32/Glupteba!ml
Arcabit: Trojan.Razy.DBB806
ZoneAlarm: Trojan-Ransom.Win32.Foreign.nswc
GData: Gen:Variant.Razy.768006
Acronis: suspicious
McAfee: GenericRXDK-YM!B48C58D28098
VBA32: BScope.TrojanRansom.Foreign
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/GdSda.A
Rising: Ransom.Foreign!8.292 (CLOUD)
Yandex: Trojan.Foreign!FAqwBZOy69k
Ikarus: Trojan.Crypt
Fortinet: W32/Kryptik.EYKI!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Foreign.HgIASOkA

How to remove Razy.768006?

Razy.768006 removal tool:

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.