What is “Razy.799321”?

The Razy.799321 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Razy.799321 virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Razy.799321?


File Info:
name: 2172EDFC7E28BECA273F.mlw
path: /opt/CAPEv2/storage/binaries/e7bab9b3d452147006b61d6cb95e81e87f6702fbf9217503dca0685b6c8acb12
crc32: 929C6002
md5: 2172edfc7e28beca273f91b22d401cae
sha1: cbd7e733b7c83a6ffd5f4abc5db412d9f84d378a
sha256: e7bab9b3d452147006b61d6cb95e81e87f6702fbf9217503dca0685b6c8acb12
sha512: fb0ad81d7276b35cdedce8353e6a90adc1f8ef605dd626a91bdb8d1321668c3389d14ca7a452142624d6599b11a759dd309d368a1be623320e9bb375d19e02a2
ssdeep: 12288:cqbCojSSuv+/FnMeU8/Ijo8w9DGkGUcRJREIE:7bCojfnFnvl/qo8w7SRBE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1509412996A8DEFD3E3F80E3A0DD01E24973FA499356A9373294CA5199E873F920471D0
sha3_384: 3ae248196a0668d5b771271b8ac1142a8346d6287bcc897899fba01777d05216247da3b29e0d2dd66c459a4d81df77ff
ep_bytes: ff250020400000000000000000000000
timestamp: 2017-11-22 12:25:15

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 上海西戎软件科技有限公司
FileDescription: AgentConfig
FileVersion: 6.0.0.1
InternalName: AgentConfig.exe
LegalCopyright: Copyright ©  2014
LegalTrademarks: 
OriginalFilename: AgentConfig.exe
ProductName: 快表代理配置工具
ProductVersion: 6.0.0.1
Assembly Version: 6.0.0.1

Razy.799321 also known as:

Lionic	Trojan.Win32.Generic.m7T4
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.2172edfc7e28beca
McAfee	GenericRXFZ-CY!2172EDFC7E28
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_60% (W)
Alibaba	Trojan:MSIL/Generic.cc5b9ca4
K7GW	Riskware ( 00584baa1 )
K7AntiVirus	Riskware ( 00584baa1 )
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan.MSIL.Crypt.hxey
BitDefender	Gen:Variant.Razy.799321
MicroWorld-eScan	Gen:Variant.Razy.799321
Avast	Win32:Malware-gen
Ad-Aware	Gen:Variant.Razy.799321
Sophos	Mal/Generic-S
DrWeb	Trojan.Siggen3.15963
TrendMicro	TROJ_GEN.R002C0PL821
McAfee-GW-Edition	BehavesLike.Win32.Fareit.gc
Emsisoft	Gen:Variant.Razy.799321 (B)
GData	Gen:Variant.Razy.799321
Jiangmin	Backdoor/Bifrose.ahtw
Avira	HEUR/AGEN.1125894
Microsoft	Trojan:Win32/Wacatac.B!ml
AhnLab-V3	Trojan/Win.Generic.C4628656
BitDefenderTheta	Gen:NN.ZemsilF.34084.Am0@aufvJ0e
ALYac	Gen:Variant.Razy.799321
MAX	malware (ai score=87)
VBA32	TScope.Trojan.MSIL
Malwarebytes	MachineLearning/Anomalous.94%
TrendMicro-HouseCall	TROJ_GEN.R002C0PL821
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Generic.AP.6B9854C!tr
AVG	Win32:Malware-gen
Cybereason	malicious.c7e28b
Panda	Generic Malware

How to remove Razy.799321?

Razy.799321 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X