Razy.788565 (file analysis)

Malware Removal

Razy.788565 is flagged as malicious by a large number of antivirus engines (the full detection list is below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Razy.788565 virus do?

The CAPE sandbox (the storage path under File Info is CAPEv2's) raised these signatures for the sample:

  • SetUnhandledExceptionFilter detected (possible anti-debug): the sample installs a top-level exception filter, a routine trick for noticing or derailing an attached debugger
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Dynamic (imported) function loading detected: APIs are resolved at run time, for example via LoadLibrary/GetProcAddress, so they do not show up in the static import table
  • Authenticode signature is invalid: the file presents itself as WinRAR (see Version Info below) but does not carry a valid signature for it
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

wpad.local-net

A wpad.<dns-suffix> lookup is issued by Windows itself for Web Proxy Auto-Discovery, so this entry is most likely sandbox network noise rather than attacker infrastructure; do not treat it as a command-and-control indicator unless other traffic corroborates it.

How to identify Razy.788565?

File Info:

The name below is the one CAPE assigned (the first 20 hex digits of the MD5 plus .mlw) and the path is the sandbox's binary store, so neither is an on-disk indicator; the hashes are. The ep_bytes decode to sub rsp,28h / call / add rsp,28h / jmp, the ordinary MSVC x64 CRT entry stub, so the entry point itself is unremarkable.

name: DC8A279B4AEF266D8616.mlw
path: /opt/CAPEv2/storage/binaries/18f0a5f6a823ccb6627758d6a4329f41d685bd2cb7f148629ca0f1e2f004a4ae
crc32: 232DDE15
md5: dc8a279b4aef266d8616d302bb8be6f4
sha1: 2ac77df7920e174ac3e8376ef3f247a3aae7828c
sha256: 18f0a5f6a823ccb6627758d6a4329f41d685bd2cb7f148629ca0f1e2f004a4ae
sha512: 3d673e62c5060bf66a319b5e30d0681a370671a0a28dc33ee64373da68a7e3d75b819ec52bfe704301543f14b9c630b6dcc2694df9022acc1abff5842d669081
ssdeep: 12288:qpGPxgNv+7/ieCLW1RcDHQAcnajB3aLXkwcIvukvxGh2X:qEPxoECLW1RcD90OB3aLXkwcIBxGh2X
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T11D946D09EBF404F4E1B3DA34C9A55106DBB77C466B70C69F33A9425B2F236909D39B22
sha3_384: f6f412a47d40a0568283e49972f8b39758441f11b4f61c225379ec05c2f76116909348490367c254b74491298a554f41
ep_bytes: 4883ec28e88f0400004883c428e96afe
timestamp: 2020-12-01 18:00:27

Version Info:

ProductName: WinRAR
CompanyName: Alexander Roshal
FileDescription: Command line RAR
FileVersion: 6.0.0
ProductVersion: 6.0.0
InternalName: Command line RAR
LegalCopyright: Copyright © Alexander Roshal 1993-2020
Comments: Modified by an unpaid evaluation copy of Resource Tuner 2 (www.heaventools.com)
Translation: 0x0409 0x04e4

The version resource claims to be WinRAR 6.0.0 by Alexander Roshal, but the Comments field carries the Resource Tuner watermark, which means the resource was edited after the binary was built. Together with the invalid Authenticode signature this is a strong sign that the metadata was copied onto the file to make it pass for a legitimate WinRAR component.
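To check these findings against the file itself, the following Python script parses the PE headers and reports the same facts the sandbox listed (PE32+/x64, console subsystem, link timestamp, entry-point bytes), tells whether an Authenticode certificate table is embedded at all, and scans the raw bytes for the APIs behind the anti-debug and dynamic-loading signatures and for the Resource Tuner watermark seen in the version resource. It is an added example, not code from the original page or from GridinSoft; the string list and the minimal in-memory PE it builds for an offline run are this example's own constructions, so the SHA-256 it prints for that sample will not match the hashes above.

```python
"""Static PE triage: header facts plus a quick string scan.

Added example (not the page's or GridinSoft's code). build_sample_pe()
constructs a throwaway PE32+ image so the script runs offline; pass a
real path to triage it instead:  python pe_triage.py <binary>
"""
import hashlib
import struct
import sys
from datetime import datetime, timezone

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table
PE32_PLUS_MAGIC = 0x20B
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3      # console subsystem

# Strings worth flagging in a file that claims to be WinRAR (constructed
# list for this example; extend it for your own triage).
SUSPICIOUS_STRINGS = [
    b"SetUnhandledExceptionFilter",   # exception-filter anti-debug trick
    b"GetProcAddress",                # run-time import resolution
    b"LoadLibraryA",
    b"Resource Tuner",                # version resource edited after build
]


def triage(data: bytes) -> dict:
    """Return header facts and flagged strings for a PE image in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == PE32_PLUS_MAGIC
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Data directories start at offset 112 (PE32+) or 96 (PE32).
    dirs = opt + (112 if pe32plus else 96)
    _, sec_size = struct.unpack_from(
        "<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # Map the entry-point RVA to a file offset through the section table.
    sections = opt + opt_size
    ep_off = None
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<IIII", data, sections + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - vaddr)
            break
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "pe32plus": pe32plus,
        "x64": machine == IMAGE_FILE_MACHINE_AMD64,
        "console": subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI,
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc)
        .strftime("%Y-%m-%d %H:%M:%S"),
        # Presence only: an embedded certificate can still fail validation.
        "has_authenticode": sec_size != 0,
        "ep_bytes": data[ep_off:ep_off + 16].hex() if ep_off is not None else "",
        "flags": [s.decode() for s in SUSPICIOUS_STRINGS if s in data],
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32+ console image (NOT the real sample): no
    certificate table, the page's ep_bytes at the entry point, and the
    watermark/API strings inside its single .text section."""
    text = bytes.fromhex("4883ec28e88f0400004883c428e96afe")
    text += (b"\0Modified by an unpaid evaluation copy of Resource Tuner 2\0"
             b"SetUnhandledExceptionFilter\0GetProcAddress\0")
    text = text.ljust(0x200, b"\0")
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)      # e_lfanew
    ts = int(datetime(2020, 12, 1, 18, 0, 27, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 1, ts, 0, 0, 240, 0x22)
    opt = struct.pack("<HBBIIIII", PE32_PLUS_MAGIC, 14, 0, len(text), 0, 0,
                      0x1000, 0x1000)                   # standard fields (24 bytes)
    opt += struct.pack("<QIIHHHHHHIIIIHHQQQQII",
                       0x140000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0,
                       0x2000, 0x200, 0, IMAGE_SUBSYSTEM_WINDOWS_CUI, 0x8160,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * (16 * 8)                             # all 16 directories empty
    sect = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(text), 0x1000, len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    return headers + text


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

A present certificate table only means something is signed; whether the signature actually validates (the sandbox says it does not) has to be checked on Windows with signtool verify /pa or Get-AuthenticodeSignature, which verify the certificate chain and the image hash.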

Razy.788565 also known as:

Razy.788565 is the generic BitDefender-engine name (Gen:Variant.Razy.788565, also reported by the eScan, FireEye, Ad-Aware, Emsisoft, GData and ALYac products that license that engine). The more specific names from Kaspersky, Alibaba, Ikarus, VBA32, Yandex and Fortinet put the sample in the CliptoShuffler family, Kaspersky's name for clipboard-hijacking "clippers" that swap cryptocurrency wallet addresses. Reputation and machine-learning verdicts such as Artemis!, FileRepMalware, Wacatac.B!ml, Unsafe and "malware (ai score=87)" carry no family information.

Lionic: Trojan.Win32.CliptoShuffler.7!c
MicroWorld-eScan: Gen:Variant.Razy.788565
FireEye: Gen:Variant.Razy.788565
McAfee: Artemis!DC8A279B4AEF
Cylance: Unsafe
Alibaba: TrojanBanker:Win32/CliptoShuffler.add7d993
Cybereason: malicious.b4aef2
Cyren: W64/Trojan.LRYB-8092
Symantec: Trojan.Gen.MBT
TrendMicro-HouseCall: TROJ_GEN.R002C0WGO21
Kaspersky: Trojan-Banker.Win32.CliptoShuffler.bqb
BitDefender: Gen:Variant.Razy.788565
Avast: FileRepMalware
Ad-Aware: Gen:Variant.Razy.788565
Emsisoft: Gen:Variant.Razy.788565 (B)
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0WGO21
McAfee-GW-Edition: BehavesLike.Win64.Dropper.gh
Sophos: Mal/Generic-S
Ikarus: Trojan.CliptoShuffler
MAX: malware (ai score=87)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Gen:Variant.Razy.788565
AhnLab-V3: Malware/Win64.Generic.C4269715
VBA32: TrojanBanker.CliptoShuffler
ALYac: Gen:Variant.Razy.788565
Yandex: Trojan.PWS.CliptoShuffler!KgG1aZe45YQ
Fortinet: W32/CliptoShuffler.BQB!tr
AVG: FileRepMalware
Panda: Trj/CI.A

How to remove Razy.788565?

Razy.788565 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options and click “Reset”.
  • Restart your computer.

Whichever tool you use, confirm the cleanup afterwards: no running process should be backed by a file whose SHA-256 matches the one listed under File Info, and since this family tampers with the clipboard, paste a copied wallet address back and check that it has not been altered.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
