Razy.802075 removal

Razy.802075 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Razy.802075 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Installs a browser addon or extension
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Razy.802075?


File Info:

name: E0CF9B1ECE6A834B6BE8.mlw
path: /opt/CAPEv2/storage/binaries/92a1364c61c7f5c3add47a5a4b3c213f4a1ac01747b4957f1d1d8439c2fbe794
crc32: 2C0097D4
md5: e0cf9b1ece6a834b6be8feb1f5641174
sha1: 92ec496f4332abf6b7a17ee2357bd4ca15cf3241
sha256: 92a1364c61c7f5c3add47a5a4b3c213f4a1ac01747b4957f1d1d8439c2fbe794
sha512: ab327d7e6c7ae7d0ed0564839a2bbc1ca81b45a838f7df3f0b1fa93312d8857b79e16372c60d72f8acf7b8a447c64be89479787a3db021971b2b4bcb6bdb6913
ssdeep: 49152:KcHMgDwcMpgQmvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso2xno+cK:PjwzmvYYYYYYYYYYYRYYYYYYYYYYE3iN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T170C5AF02FF91A652D0661930846A77B1D376FC21161A771B5240FB3EACB12D2EF26BCD
sha3_384: 2a4a0144cb732b3c633ddbb02452316effaf56e1711cf2ab868e161544064e9a1007e6d05c24d9d2717fb0c30647a2dd
ep_bytes: e8e1f6ffff6a5c6818aa0201e82c4200
timestamp: 1999-05-05 06:50:14

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Windows Explorer
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName: explorer
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: EXPLORER.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
Translation: 0x0409 0x04b0

Razy.802075 is also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.802075
FireEye: Generic.mg.e0cf9b1ece6a834b
McAfee: Artemis!E0CF9B1ECE6A
Cylance: Unsafe
Cybereason: malicious.ece6a8
BitDefenderTheta: Gen:NN.ZexaF.34084.Hs2@aemomNfi
Symantec: ML.Attribute.HighConfidence
BitDefender: Gen:Variant.Razy.802075
Avast: Win32:Virut-AOZ
Ad-Aware: Gen:Variant.Razy.802075
Sophos: Generic ML PUA (PUA)
VIPRE: Trojan.Win32.Generic!BT
SentinelOne: Static AI – Malicious PE
Emsisoft: Gen:Variant.Razy.802075 (B)
Ikarus: Virus.Win32.Virut
GData: Gen:Variant.Razy.802075
Avira: TR/Patched.Ren.Gen
Arcabit: Trojan.Razy.DC3D1B
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Razy.802075
Malwarebytes: Malware.AI.3510774394
APEX: Malicious
MAX: malware (ai score=87)
AVG: Win32:Virut-AOZ
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Razy.802075?

Razy.802075 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
