Malware

How to remove “Razy.830393”?

Malware Removal

The Razy.830393 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Razy.830393 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to determine Razy.830393?


File Info:

name: ACD65D912565BAEE2C36.mlw
path: /opt/CAPEv2/storage/binaries/3e71bdf9b3ffd7caf401e529d68fe2d54faf4adf3f1cfe42416b7448e280497a
crc32: 200157CD
md5: acd65d912565baee2c36cb9eada99feb
sha1: f7ebc5d0fbfaa59203225949e8249682cae02f06
sha256: 3e71bdf9b3ffd7caf401e529d68fe2d54faf4adf3f1cfe42416b7448e280497a
sha512: 7335c4560f5618c2b27ca663f72d3813127ca8293e3a483987480323c5fc39f14a3670b9acc31f62434a5ba09a821a58af5128889e5b3a22dd25d91901f8a1ea
ssdeep: 49152:BNJwzUeYi9GHfgL/DvyFgkp3b/N1eltsazFEkJVY0Nk8iTTRrwqPz:3azm2/mhIFJEkJON7Pz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F5D533E0401AD5BBCDD84EF1CB824BDF550C0E758E9824F7EB1211965A32B35E7BA81B
sha3_384: f83d9b4bdae2ac69d2570458c6f1975b7f8cca06ee991b2656bee863aa09f3abbe153a59784e05383947f4704b856909
ep_bytes: 558bec81ec001000000b4dec3355f803
timestamp: 2019-08-27 00:42:07

Version Info:

0: [No Data]

Razy.830393 also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Multi.Generic.4!c
Elasticmalicious (high confidence)
FireEyeGeneric.mg.acd65d912565baee
McAfeeIStartSurf
CylanceUnsafe
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 0055e8e51 )
AlibabaTrojan:Win32/IStartSurf.69c9a0c5
K7GWTrojan ( 0055e8e51 )
Cybereasonmalicious.12565b
CyrenW32/S-f3183c5a!Eldorado
ESET-NOD32a variant of Win32/Kryptik.GYRB
APEXMalicious
Paloaltogeneric.ml
CynetMalicious (score: 100)
KasperskyHEUR:Trojan.Win32.Biodata.pef
BitDefenderGen:Variant.Razy.830393
NANO-AntivirusRiskware.Win32.StartSurf.gdqkvx
MicroWorld-eScanGen:Variant.Razy.830393
AvastWin32:Trojan-gen
TencentWin32.Trojan.Biodata.Lqyo
Ad-AwareGen:Variant.Razy.830393
EmsisoftGen:Variant.Razy.830393 (B)
ComodoApplication.Win32.StartSurf.AX@8jvi2c
F-SecureTrojan.TR/Dropper.Gen
DrWebTrojan.Vittalia.14930
ZillyaTrojan.Kryptik.Win32.1786175
McAfee-GW-EditionBehavesLike.Win32.Trojan.vc
Trapminemalicious.moderate.ml.score
SophosIStartSurfInstaller (PUA)
IkarusTrojan.Win32.Crypt
GDataWin32.Trojan.Kryptik.OS
AviraTR/Dropper.Gen
ArcabitTrojan.Razy.DCABB9
ZoneAlarmHEUR:Trojan.Win32.Biodata.pef
MicrosoftTrojan:Win32/CryptInject.MS!MTB
AhnLab-V3PUP/Win32.IStartSurf.R294795
VBA32Trojan.Wacatac
ALYacGen:Variant.Razy.830393
MAXmalware (ai score=87)
MalwarebytesTrojan.IStartSurf
RisingTrojan.Kryptik!1.BC3B (CLASSIC)
YandexTrojan.GenAsa!unYDuRr2DTI
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.74262177.susgen
FortinetW32/Kryptik.BVKS!tr
BitDefenderThetaGen:NN.ZexaF.34742.WEZ@aC1MSWpi
AVGWin32:Trojan-gen
PandaTrj/Genetic.gen
CrowdStrikewin/malicious_confidence_60% (W)

How to remove Razy.830393?

Razy.830393 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment