Malware

Razy.776205 removal instruction

Malware Removal

The Razy.776205 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Razy.776205 virus can do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Creates an excessive number of UDP connection attempts to external IP addresses
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Exhibits behavior characteristic of Cerber ransomware
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to determine Razy.776205?



File Info:

crc32: B2D1E483
md5: beba30b08ffb5667b1aede98fc163d6c
name: BEBA30B08FFB5667B1AEDE98FC163D6C.mlw
sha1: 802315e35e6feb88fb343040b8b09c19693dc2df
sha256: a85ccfd95d34ec12581da4a4e07c574d4e06f4b7ace406c9a8cfbfa1b522014d
sha512: 256b5f491ebdeb6d712d783a36f6602d5e5e95ed3441b659572f5e4a402673c0868695cbc30271d6eb64798906d67f83e2598d1f6e9ed552f958d35df6368673
ssdeep: 6144:48w+DiGpBYDV8f7uCuQ+193u7WCvbaW3RbEhNFH5s:48wHIwVaS1T93QWC495s
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: Copyright (c) 2013 Steganos Software GmbH
InternalName: DropCypher.exe
FileVersion: 17.0.2.11443
CompanyName: Steganos Software GmbH
LegalTrademarks: Steganos Safe 17 is a trademark of Steganos Software GmbH
Comments: Steganos Safe 17
ProductName: Steganos Safe 17
ProductVersion: 17.0.2.11443
FileDescription: Dropbox Encryption
OriginalFilename: DropCypher.exe
Translation: 0x0409 0x04e4

Razy.776205 also known as:

BkavW32.AIDetect.malware1
K7AntiVirusTrojan ( 005224381 )
Elasticmalicious (high confidence)
DrWebTrojan.Encoder.4691
CynetMalicious (score: 100)
CAT-QuickHealRansom.Cerber.YY4
ALYacGen:Variant.Razy.776205
CylanceUnsafe
ZillyaTrojan.Zerber.Win32.4082
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (W)
AlibabaRansom:Win32/generic.ali2000010
K7GWTrojan ( 005224381 )
Cybereasonmalicious.08ffb5
BaiduWin32.Trojan.Cerber.h
SymantecPacked.Generic.459
ESET-NOD32a variant of Win32/Kryptik.GAAM
APEXMalicious
AvastWin32:MalOb-GY [Cryp]
ClamAVWin.Ransomware.Cerber-9783079-0
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Razy.776205
NANO-AntivirusTrojan.Win32.Zerber.eveazu
MicroWorld-eScanGen:Variant.Razy.776205
TencentMalware.Win32.Gencirc.11494f8e
Ad-AwareGen:Variant.Razy.776205
SophosMal/Generic-R + Mal/Cerber-K
ComodoTrojWare.Win32.Ransom.Cerber.HX@6lfg5l
BitDefenderThetaAI:Packer.97D1C39E20
VIPRETrojan.Win32.Generic!BT
TrendMicroRansom_HPCERBER.SM30
McAfee-GW-EditionGenericRXDH-PF!BEBA30B08FFB
FireEyeGeneric.mg.beba30b08ffb5667
EmsisoftGen:Variant.Razy.776205 (B)
SentinelOneStatic AI – Malicious PE
AviraTR/Crypt.ZPACK.Gen
MicrosoftRansom:Win32/Cerber.A
AegisLabTrojan.Win32.Generic.4!c
GDataGen:Variant.Razy.776205
Acronissuspicious
McAfeeGenericRXDH-PF!BEBA30B08FFB
MAXmalware (ai score=99)
VBA32Trojan-Ransom.Zerber
MalwarebytesMalware.AI.2035922763
PandaTrj/CI.A
TrendMicro-HouseCallRansom_HPCERBER.SM30
RisingRansom.Cerber!8.3058 (TFE:dGZlOgFXaTBQl/DY/A)
YandexTrojan.Agent!Ifh1DZFrCeg
IkarusTrojan.Win32.Boaxxe
FortinetW32/Kryptik.HEKH!tr
AVGWin32:MalOb-GY [Cryp]
Paloaltogeneric.ml

How to remove Razy.776205?

Razy.776205 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment