
About “Razy.808750” infection

Razy.808750 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Razy.808750 virus do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Code injection with CreateRemoteThread in a remote process
  • Tries to unhook or modify Windows functions monitored by Cuckoo

Related domains:


How to identify Razy.808750?


File Info:

crc32: E56334C6
md5: e970794be25b27a9246e5e0db49f9a45
name: E970794BE25B27A9246E5E0DB49F9A45.mlw
sha1: d041c4d2567811917fa707c37cf813e077222196
sha256: e5abfe17a2932936a78f07bab321d3f1adddaf7b01f1b721cc031300cd695d79
sha512: 1497b24668729bccfc149f247dbd933d06c8efe756eb37beb4f494bf179c22b2e78e38b93f1b46ed7e80a763af95e7b79e933ba66439db7b532877a4e42fab44
ssdeep: 1536:K5MDWfdUlwpu7eJmun7vIzmQWgyX6X33xz4fP4OTvs9rYfd/uCAGbv5kIOdt:Kiq2lwpu7kFbMm4XHh8GrNpGbvrO3
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

Translation: 0x0409 0x04b0
LegalCopyright: PinatioProject 2014-2015
InternalName: Cheat PB By Rahma ( Masih Percobaan )
FileVersion: 1.00
CompanyName: PinatioProject Injector
LegalTrademarks: PinatioProject Resaller™
ProductName: Injector Trial Update
ProductVersion: 1.00
FileDescription: PinatioProject™
OriginalFilename: Cheat PB By Rahma ( Masih Percobaan ).exe

Razy.808750 also known as:

Lionic Trojan.Win32.Zbot.4!c
DrWeb Trojan.Packed.1895
ClamAV Win.Tool.Johnnie-6793850-0
CAT-QuickHeal W32.Virut.G
ALYac Gen:Variant.Razy.808750
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
K7GW Virus ( f10002001 )
K7AntiVirus Virus ( f10002001 )
Cyren W32/Virut.R.gen!Eldorado
Symantec W32.Virut.CF
ESET-NOD32 a variant of Win32/Virut.NHD
APEX Malicious
Avast FileRepMalware
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.Inject.aiswr
BitDefender Gen:Variant.Razy.808750
NANO-Antivirus Virus.Win32.Virut.hpeg
MicroWorld-eScan Gen:Variant.Razy.808750
Tencent Win32.Virus.Virut.Alie
Ad-Aware Gen:Variant.Razy.808750
Sophos Mal/Generic-S
Comodo Packed.Win32.MUPX.Gen@24tbus
BitDefenderTheta AI:Packer.2CE776231F
TrendMicro PE_VIRUX.S-3
McAfee-GW-Edition BehavesLike.Win32.Generic.lc
FireEye Generic.mg.e970794be25b27a9
Emsisoft Gen:Variant.Razy.808750 (B)
SentinelOne Static AI – Malicious PE
Avira W32/Virut.Gen
Antiy-AVL Trojan/Generic.ASVirus.2F
Kingsoft Win32.Infected.Virut.sr.(kcloud)
Microsoft Trojan:Win32/Wacatac.B!ml
Arcabit Trojan.Razy.DC572E
GData Gen:Variant.Razy.808750
TACHYON Virus/W32.Virut.Gen
AhnLab-V3 Win32/Virut.F
MAX malware (ai score=83)
VBA32 Virus.Virut.14
Panda Trj/CI.A
TrendMicro-HouseCall PE_VIRUX.S-3
Yandex Trojan.GenAsa!3MFsSPYuEbQ
Ikarus Trojan.Win32.Genome
Fortinet W32/Virut.CE
AVG FileRepMalware

How to remove Razy.808750?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
