
Razy.848231 removal guide


Razy.848231 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Razy.848231 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to identify Razy.848231?

File Info:

name: A05009ACE2DE80CF96D8.mlw
path: /opt/CAPEv2/storage/binaries/98f1e3488295d14902aa261ddec5bb054874e872b8a92ca1b8ef20429f921bf6
crc32: 11BD87AB
md5: a05009ace2de80cf96d8e305b9a2e309
sha1: 3502d3207392d8029934821298efe7cdabfccd65
sha256: 98f1e3488295d14902aa261ddec5bb054874e872b8a92ca1b8ef20429f921bf6
sha512: 955ac44deeb5edb1b2352e33af9b8a4f58791672ba416e327813367718a147c67d3a0d7d9065be20ba7c45fe8a889c3410bb430efcb11a5dcc317956297dac25
ssdeep: 98304:H9oPBQHdgLo8aiBpzwEajI/YclLtzbKL6a5imAYp/t7:doPBd/z1iIwclhaLNimA8
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T14226BE5AE7EC80E9D35681B5CC01994BE2F2FD510B31839F50A432DE5F732B24DA97A2
sha3_384: 6c049591613196678b0f34f1f4e10dbe7b3ce9faf98b759628d221ad8d71f00fbce9d002af20b856c89cc2d4692272b5
ep_bytes: 4883ec28e8479600004883c428e952fe
timestamp: 2020-11-13 06:10:34

Version Info:

FileDescription: CustomPopMenu Microsoft 基础类应用程序
FileVersion: 1, 0, 0, 1
InternalName: CustomPopMenu
LegalCopyright: 版权所有 (C) 2006
OriginalFilename: CustomPopMenu.EXE
ProductName: CustomPopMenu 应用程序
ProductVersion: 1, 0, 0, 1
Translation: 0x0804 0x04b0

Razy.848231 also known as:

Lionic: Trojan.Win32.Razy.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.848231
FireEye: Gen:Variant.Razy.848231
McAfee: Artemis!A05009ACE2DE
K7AntiVirus: Trojan ( 0058af441 )
Alibaba: Trojan:Win32/Khalesi.e67110d8
K7GW: Trojan ( 0058af441 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Generik.IYXJZHE
TrendMicro-HouseCall: TROJ_GEN.R011C0WKS21
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Khalesi.lqkw
BitDefender: Gen:Variant.Razy.848231
Avast: Win64:Trojan-gen
Ad-Aware: Gen:Variant.Razy.848231
Emsisoft: Gen:Variant.Razy.848231 (B)
TrendMicro: TROJ_GEN.R011C0WKS21
McAfee-GW-Edition: BehavesLike.Win64.Generic.rc
Sophos: Mal/Generic-S
GData: Gen:Variant.Razy.848231
Microsoft: Trojan:Win32/Wacatac.B!ml
ALYac: Gen:Variant.Razy.848231
MAX: malware (ai score=88)
Ikarus: Trojan.SuspectCRC
Fortinet: W32/PossibleThreat
AVG: Win64:Trojan-gen
Cybereason: malicious.ce2de8
Panda: Trj/CI.A

How to remove Razy.848231?

Razy.848231 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.