Razy.803834 (B) removal tips

Razy.803834 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Razy.803834 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Checks for the presence of known windows from debuggers and forensic tools
  • Likely virus infection of existing system binary
  • Attempts to identify installed analysis tools by a known file location
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Creates a copy of itself

How to identify Razy.803834 (B)?

File Info:

name: F7BD4D033DC8AD8ABB92.mlw
path: /opt/CAPEv2/storage/binaries/29c8f46c98fb0e7415f14e50e98089ce0d01e3d0254734ca1fe0f193a225eb4a
crc32: F10DD3DD
md5: f7bd4d033dc8ad8abb92bad71742943d
sha1: 77009159058e8af7dbc8abf13be1e20cf1c846fe
sha256: 29c8f46c98fb0e7415f14e50e98089ce0d01e3d0254734ca1fe0f193a225eb4a
sha512: 499617fe7596777469ec6c652b84c4a881728a68811637f8ecb57cda18bf3b73b5f460289f5bb30bf473fa45e8d6753a55a5bc77c9b3921a013ef71b17d1b51a
ssdeep: 6144:pyAj0KReO5yu54tJdJ0G1+78wY7Dsqp0JdGm52nHNTUq9:pyABeLtJ7F1PwY7SynN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19954131A65D8516AC0F62A38F98B2915CC1CB9920A4D820F798CFC4FFF7B1F52F25254
sha3_384: 601f4a2b629ef1b46f5049677d48a49850ba5373819c2ea6a8f95e79de36642ca95823d5146e475bcec7ea48b8bbb613
ep_bytes: 90558bec83c4b046f7dee82d0f0000f7
timestamp: 2006-03-08 15:20:05

Version Info:

CompanyName: Nlyxfg Midhlevth
FileDescription: Nlyxfg Wcppf Kpojw
FileVersion: 83,75,105,120
InternalName: Nlyxfg
LegalCopyright: Copyright © Nlyxfg Midhlevth 1998-2005
OriginalFilename: Nlyxfg.exe
ProductName: Nlyxfg Wcppf Kpojw
ProductVersion: 82,125,77,118
Translation: 0x0409 0x04e4

Razy.803834 (B) also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.f7bd4d033dc8ad8a
CAT-QuickHeal: Worm.SlenfBot.Gen
ALYac: Gen:Variant.Razy.803834
Cylance: Unsafe
VIPRE: Trojan.Win32.Kryptik.lbu (v)
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Exploit:Win32/ShellCode.2148b966
K7GW: Trojan ( 0020e6b91 )
K7AntiVirus: Trojan ( 0020e6b91 )
Arcabit: Trojan.Razy.DC43FA
Symantec: W32.Qakbot!gen5
ESET-NOD32: a variant of Win32/Kryptik.KYK
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Packed.Win32.Krap.ae
BitDefender: Gen:Variant.Razy.803834
NANO-Antivirus: Trojan.Win32.Kolab.gzswz
SUPERAntiSpyware: Trojan.Agent/Gen-Pervaser
MicroWorld-eScan: Gen:Variant.Razy.803834
Avast: Win32:Krajabot-G [Trj]
Tencent: Win32.Trojan.Inject.Auto
Ad-Aware: Gen:Variant.Razy.803834
Sophos: ML/PE-A + Mal/FakeAV-IU
Comodo: TrojWare.Win32.TrojanSpy.Zbot.G@2tckk5
DrWeb: Trojan.Packed.1883
Zillya: Trojan.Kryptik.Win32.883632
McAfee-GW-Edition: PWS-Spyeye.ff
Emsisoft: Gen:Variant.Razy.803834 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Generic.dbep
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=100)
Antiy-AVL: Worm[Net]/Win32.Kolab
Microsoft: Worm:Win32/Slenfbot.ALJ
ZoneAlarm: Packed.Win32.Krap.ae
GData: Gen:Variant.Razy.803834
McAfee: PWS-Spyeye.ff
VBA32: Trojan.Zeus.EA.0999
TrendMicro-HouseCall: BKDR_QAKBOT.SMG
Rising: Trojan.Generic@AI.94 (RDML:n0oTOIRf6qhlzafi8rIAsw)
Yandex: Trojan.Kryptik!x7JRQsD0TAI
Ikarus: Trojan.Win32.Crypt
Fortinet: W32/Kryptik.NAS!tr
BitDefenderTheta: Gen:NN.ZexaF.34212.rq0@a4W39Goc
AVG: Win32:Krajabot-G [Trj]
Cybereason: malicious.33dc8a
Panda: Bck/Qbot.AO

How to remove Razy.803834 (B)?

Razy.803834 (B) removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.