What is “Razy.849724”?

The Razy.849724 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Razy.849724 virus can do?

Unconventionial binary language: Russian
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Razy.849724?


File Info:
name: BCC14F5040B96EF11F0B.mlw
path: /opt/CAPEv2/storage/binaries/59173e581333692f9e7f7ef77af8f822f30d74f288646ff0472036f2ffc2f3bd
crc32: A5A7A0C6
md5: bcc14f5040b96ef11f0b38408221cb7b
sha1: b99587f5eb4a86fbb6d24622131ac91590209ffa
sha256: 59173e581333692f9e7f7ef77af8f822f30d74f288646ff0472036f2ffc2f3bd
sha512: 06ffdf9068c186b0d17091d90bb50556a6694d1cb6520d12d84c3c1d373ba333758c2e435d46b7268683b6287cdb0f542dfa038f5f16db198955c304961913de
ssdeep: 1536:rmA/7+fKoKxs4hcnruaevF2YApQTdKh2aoI:ie7IKoKtcyaed2Xp4ALoI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19453C613A7F25006F5B2A9305ABBAB010B26F9D36D35974B1B50690D9CB36C2F8373D6
sha3_384: e055c8f36f88e3ae38a86f7fd402c7aa5147974492ff54a031f11518dd060921384f1049b5b69e3b99a951565be56ded
ep_bytes: 55bb4d6363754081c06d4e6e4103d8b8
timestamp: 2006-08-23 05:38:26

Version Info:
CompanyName: Корпорация Майкрософт
FileDescription: Диспетчер синхронизации
FileVersion: 5.1.2600.5512 (xpsp.080413-2108)
InternalName: mobsync.exe
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: mobsync.exe
ProductName: Диспетчер синхронизации
ProductVersion: 5.1.2600.5512
Translation: 0x0419 0x04b0

Razy.849724 also known as:

tehtris	Generic.Malware
DrWeb	Trojan.Packed.22288
MicroWorld-eScan	Gen:Variant.Razy.849724
FireEye	Generic.mg.bcc14f5040b96ef1
ALYac	Gen:Variant.Razy.849724
Cylance	Unsafe
Cybereason	malicious.040b96
BitDefenderTheta	Gen:NN.ZexaF.34726.dG0@aibpHrji
VirIT	Win32.Scribble.A
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.AJTY
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Razy.849724
Avast	Win32:Trojan-gen
Ad-Aware	Gen:Variant.Razy.849724
Emsisoft	Gen:Variant.Razy.849724 (B)
VIPRE	Gen:Variant.Razy.849724
McAfee-GW-Edition	Artemis
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A + Mal/EncPk-NSU
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Razy.849724
Jiangmin	Trojan/Yakes.cmr
Google	Detected
Avira	TR/Crypt.XPACK.Gen8
MAX	malware (ai score=89)
Arcabit	Trojan.Razy.DCF73C
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
McAfee	Artemis!BCC14F5040B9
VBA32	BScope.Malware-Cryptor.9212
Rising	Malware.FakePDF/ICON!1.6AC1 (CLASSIC)
Ikarus	Trojan.Win32.Yakes
Fortinet	W32/Yakes.B!tr
AVG	Win32:Trojan-gen

How to remove Razy.849724?

Razy.849724 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X