Razy.787864 (B) removal guide

Razy.787864 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and cure your PC.
A 6-day free trial is available.

What can the Razy.787864 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Razy.787864 (B)?

File Info:

name: 1B89B927B41EC7381401.mlw
path: /opt/CAPEv2/storage/binaries/4187409b3633ed6135484fb4863220ccffd14adb808ff820374b88ccf1179902
crc32: 2CD1BFE3
md5: 1b89b927b41ec738140136629ab9488a
sha1: 3a3b08a79646bde1a558d744ed1ca6670c1acd9c
sha256: 4187409b3633ed6135484fb4863220ccffd14adb808ff820374b88ccf1179902
sha512: 365c4369e7b55cc0a6886e5ef84552ff4f7ea34afaafe0014c2fd6c6101f31f8516e09ab3c449f94056067a1e50eeec42b35d2299a61892bcfed197f5651792f
ssdeep: 24576:CTpEhPD+kIScxWJ7RyUstqdcI8sey2U9aAHQjWvvlrQVljUKpCwYX7:CT2Yx8psWFe8aAywyls
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1659512C31B5C95DBD4592BB5C587AB3A5A32AFB263139693A5507E4A3F32FC02CC2047
sha3_384: 8dba98c46ca262522ce6444477994bb2cef0fa7721804e577e7fc333db6d536bad83f7c4cc0f2c7e7ffbdc577c51baa1
ep_bytes: 60e847fbffff6183ec045053b8a0057e
timestamp: 2021-11-14 03:03:21

Version Info:

0: [No Data]

Razy.787864 (B) also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.29444
MicroWorld-eScan: Gen:Variant.Razy.787864
FireEye: Generic.mg.1b89b927b41ec738
ALYac: Gen:Variant.Razy.787864
Cylance: Unsafe
Alibaba: Packed:Win32/Virbox.40a65681
Cybereason: malicious.7b41ec
BitDefenderTheta: Gen:NN.ZexaF.34062.1H3@aKyYGAfb
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Virbox.C suspicious
TrendMicro-HouseCall: TROJ_GEN.R002H0CL421
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.787864
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Generic.Eaeb
Ad-Aware: Gen:Variant.Razy.787864
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
McAfee-GW-Edition: BehavesLike.Win32.Autorun.tc
SentinelOne: Static AI - Malicious PE
Emsisoft: Gen:Variant.Razy.787864 (B)
Ikarus: PUA.Virbox
GData: Win32.Application.PUPStudio.A
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1145616
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R429616
McAfee: Artemis!1B89B927B41E
VBA32: BScope.Trojan.Kraplick.vck
Malwarebytes: Malware.AI.4167361248
APEX: Malicious
Rising: Trojan.Generic@ML.92 (RDML:HOuKg4QDo72zvxNwbdFj4Q)
Yandex: Trojan.Agent!FBHaMd2Pp30
MAX: malware (ai score=85)
MaxSecure: Dropper.Dinwod.frindll
Fortinet: Riskware/Application
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A

How to remove Razy.787864 (B)?

Razy.787864 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
