
What is “Razy.826899”?


Razy.826899 is a detection name that a number of antivirus engines assign to this sample (the full list of names is given below). While the infection is active you may notice unfamiliar processes in the Task Manager list; in that case it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Razy.826899 virus do?

The following behaviours were flagged when the sample was detonated in the CAPE sandbox:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid

How to identify Razy.826899?

File Info:

name: 7A43D225C268602D391F.mlw
path: /opt/CAPEv2/storage/binaries/a7331e717481fde3ff7a6f22f1c4a74e6e0039f5a6c3c5f79b7782c6eeb4f16f
crc32: 08BF5CEA
md5: 7a43d225c268602d391f42d400bc6cab
sha1: 153d688891669da4c5781e2aac6e431357167c85
sha256: a7331e717481fde3ff7a6f22f1c4a74e6e0039f5a6c3c5f79b7782c6eeb4f16f
sha512: cae5632a2c65a95b2485797ae40276867aeb43bf3226b7eac8365b4bfe4f976caa7bf044317596b5b5584c95ab3d03d748ded519a0d8ac45f4c9c5529fe1a702
ssdeep: 1536:gVokWfq7ASJodf2ts6N9SzoSy1Ts2lI/JGrkb80nieCmQERchK335uK5gtUlLzBe:3eSzPd2lGUrkb80NAKvW
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1D1C3B55673FD3414F7FB7BB56EF7A421AA3BB8885632E56E2644502F04B4E04A631332
sha3_384: c21c4762c8ae9c3a4ec26cbba91057c5533ae2f76320133f9a1bd287d209085056c1432101179d5d67e33b01d8fe8019
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-11-09 18:24:25
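The sandbox findings above are runtime observations, and the File Info block is what you would match an unknown file against. The script below is an added example (not code from the page, GridinSoft or CAPE) of the static triage a practitioner would run on a suspect file with only the Python standard library: it recomputes the hash indicators listed on the page, walks the PE section table for sections mapped readable, writable and executable at once (a static correlate of the "Creates RWX memory" signature, which itself is a runtime observation), and decodes the 16 entry-point bytes. Those bytes, ff 25 00 20 40 00, are x86 `jmp dword ptr [0x00402000]`, the pattern of the managed entry stub in a PE32 .NET image, which fits the "Assembly Version" field in the version resource. The PE image the script builds for itself is constructed, non-runnable test data so the example runs offline; it is not the real binary.

```python
"""Static triage of a suspect PE. Added example; standard library only.
PAGE_IOCS is copied from the page's File Info block; build_minimal_pe()
produces constructed test data, not the real sample."""
import hashlib
import struct
import zlib

# Hash and entry-point indicators copied from the page's File Info block.
PAGE_IOCS = {
    "md5": "7a43d225c268602d391f42d400bc6cab",
    "sha1": "153d688891669da4c5781e2aac6e431357167c85",
    "sha256": "a7331e717481fde3ff7a6f22f1c4a74e6e0039f5a6c3c5f79b7782c6eeb4f16f",
    "crc32": "08BF5CEA",
    "ep_bytes": "ff250020400000000000000000000000",
}

# PE section characteristic flags (winnt.h).
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE


def file_hashes(data: bytes) -> dict:
    """Recompute the digests the page lists; crc32 as 8 upper-case hex digits."""
    h = {n: hashlib.new(n, data).hexdigest()
         for n in ("md5", "sha1", "sha256", "sha512", "sha3_384")}
    h["crc32"] = "%08X" % (zlib.crc32(data) & 0xFFFFFFFF)
    return h


def matches_page_iocs(data: bytes, iocs: dict = PAGE_IOCS) -> dict:
    """{indicator: True/False} for each hash indicator in `iocs` we can recompute."""
    have = file_hashes(data)
    return {k: have[k].lower() == v.lower() for k, v in iocs.items() if k in have}


def decode_entry_stub(ep_bytes: bytes):
    """Decode the bytes CAPE dumps at the entry point.

    FF 25 imm32 is x86 'jmp dword ptr [imm32]'. A PE32 whose entry point is
    just this jump through an import slot is the usual managed (.NET) entry
    stub; the loader fills the slot with mscoree!_CorExeMain. Returns the
    slot address, or None when the entry is some other code.
    """
    if len(ep_bytes) >= 6 and ep_bytes[0] == 0xFF and ep_bytes[1] == 0x25:
        return struct.unpack_from("<I", ep_bytes, 2)[0]
    return None


def section_headers(data: bytes):
    """Yield (name, virtual_address, characteristics) from the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                      # IMAGE_FILE_HEADER
    nsect = struct.unpack_from("<H", data, coff + 2)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size                             # first IMAGE_SECTION_HEADER
    for i in range(nsect):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        va = struct.unpack_from("<I", data, off + 12)[0]
        chars = struct.unpack_from("<I", data, off + 36)[0]
        yield name, va, chars


def rwx_sections(data: bytes) -> list:
    """Names of sections that are readable, writable and executable at once."""
    return [n for n, _, c in section_headers(data) if c & RWX == RWX]


def build_minimal_pe(sections) -> bytes:
    """Construct a tiny, non-runnable PE32 image with the given (name, flags)
    sections. Only fields section_headers() reads are populated: test data."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, 224, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * 222        # PE32 magic, rest zeroed
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                    0, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, flags)
        for i, (n, flags) in enumerate(sections))
    return dos + b"PE\0\0" + coff + optional + table


if __name__ == "__main__":
    # Constructed sample: a normal code section plus one mapped RWX.
    sample = build_minimal_pe([(".text", 0x60000020), (".rwx", 0xE0000020)])
    print("hash matches vs page:", matches_page_iocs(sample))
    print("RWX sections:", rwx_sections(sample))
    print("entry stub jumps through 0x%08X" %
          decode_entry_stub(bytes.fromhex(PAGE_IOCS["ep_bytes"])))
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to the same three functions; a hash match against PAGE_IOCS identifies this exact sample, while the section and entry-stub checks still say something useful about a recompiled or repacked variant whose hashes differ.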

Version Info (resource strings set by whoever built the file; because the Authenticode signature is invalid, they do not establish that the file really comes from the named company or product):

Translation: 0x0000 0x04b0
CompanyName: Inclusion System
FileDescription:
FileVersion: 4.16.0.1022
InternalName: Everest.WindowsServices.YearEndTaxService.exe
LegalCopyright: Copyright (c) Inclusion System, 2019
OriginalFilename: Everest.WindowsServices.YearEndTaxService.exe
ProductName: Everest
ProductVersion: 4.16.0.1022
Assembly Version: 4.16.0.1022

Razy.826899 also known as:

  • Lionic: Trojan.Win32.Razy.4!c
  • FireEye: Gen:Variant.Razy.826899
  • CAT-QuickHeal: PUA.WacapewFC.S19435776
  • ALYac: Gen:Variant.Razy.826899
  • Cybereason: malicious.5c2686
  • Symantec: ML.Attribute.HighConfidence
  • APEX: Malicious
  • BitDefender: Gen:Variant.Razy.826899
  • MicroWorld-eScan: Gen:Variant.Razy.826899
  • Avast: Win32:MalwareX-gen [Trj]
  • Ad-Aware: Gen:Variant.Razy.826899
  • McAfee-GW-Edition: GenericRXQR-IU!7A43D225C268
  • Emsisoft: Gen:Variant.Razy.826899 (B)
  • GData: Gen:Variant.Razy.826899
  • Arcabit: Trojan.Razy.DC9E13
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • AhnLab-V3: Malware/Win32.Generic.C4379922
  • McAfee: GenericRXQR-IU!7A43D225C268
  • MAX: malware (ai score=88)
  • TrendMicro-HouseCall: TROJ_GEN.R002H09KC21
  • AVG: Win32:MalwareX-gen [Trj]

How to remove Razy.826899?

Razy.826899 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
