What is “Razy.856574 (B)”?

Razy.856574 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Razy.856574 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Razy.856574 (B)?

File Info:

name: E49296E657B22E02CB39.mlw
path: /opt/CAPEv2/storage/binaries/815dc5bbd699a50e4213c322acc92b567b9f772bd2a4bd3e3ca24492478e92a4
crc32: BF1918A2
md5: e49296e657b22e02cb391ea03e217e53
sha1: 1915a7db4021de3bbf1c83a15adeeed5cd62b5f3
sha256: 815dc5bbd699a50e4213c322acc92b567b9f772bd2a4bd3e3ca24492478e92a4
sha512: 71255b85f079d713f2d32f21c2a4eb45cf58658ddbb662c2e062d6bc0c2e11377b0db2e1ad3de8facc1bff615e5358154b7b0b4b60a18ab9fae82606863a2067
ssdeep: 196608:rp3kURYJl/6/LD8I4rwz9bJMQ6br+6bikW7/H4d4eeNIcUz+:rpUdx6X1aEb6bS7/HheL+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B4A6334F5B0BCA1EF6746135D336B5F1A4C0BE15EE080297A1373DA7BA7E6801C6B099
sha3_384: 5e7dcee2083142718e400cc0764cdb73929f16b75f06cc5acf11afa8c1694d5e274653f793acf2edcdddae23f05863ab
ep_bytes: 60be0040d1008dbe00d06effc787ec70
timestamp: 2008-12-02 15:41:29

Version Info:

0: [No Data]

Razy.856574 (B) also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.SMSSend.473
MicroWorld-eScan: Gen:Variant.Razy.856574
FireEye: Generic.mg.e49296e657b22e02
ALYac: Gen:Variant.Razy.856574
Cylance: Unsafe
Zillya: Trojan.ArchSMS.Win32.377
Sangfor: Trojan.Win32.Wacatac.A
K7AntiVirus: Trojan ( 002408b81 )
Alibaba: VirTool:Win32/Obfuscator.07326ab8
K7GW: Trojan ( 002408b81 )
Cybereason: malicious.657b22
BitDefenderTheta: Gen:NN.ZexaF.34212.@pJfaCjVSKbc
VirIT: Trojan.Win32.SMSSend.SF
Cyren: W32/Kryptik.DKT.gen!Eldorado
Symantec: Trojan.ADH.2
ESET-NOD32: a variant of Win32/Kryptik.MOS
TrendMicro-HouseCall: JOKE_ARCHSMS
ClamAV: Win.Trojan.Agent-721972
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.856574
NANO-Antivirus: Riskware.Win32.ArchSMS.utmvj
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10b4b1f8
Ad-Aware: Gen:Variant.Razy.856574
Emsisoft: Gen:Variant.Razy.856574 (B)
Comodo: Malware@#2r87ty6lrmnwy
VIPRE: Packed.Win32.PWSZbot.gen (v)
TrendMicro: JOKE_ARCHSMS
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Sophos: Mal/Generic-R + Mal/EncPk-ZC
Ikarus: not-a-virus:Hacktool.SMSHoax
GData: Gen:Variant.Razy.856574
Jiangmin: Hoax.ArchSMS.loa
MaxSecure: Trojan.Malware.7164915.susgen
Avira: TR/Crypt.ULPM.Gen
Antiy-AVL: Trojan/Win32.Kryptik
Kingsoft: Win32.Torj.Hoax.(kcloud)
Arcabit: Trojan.Razy.DD11FE
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Ditertag.A
Cynet: Malicious (score: 99)
McAfee: Artemis!E49296E657B2
MAX: malware (ai score=100)
VBA32: Trojan.Zeus.EA.0999
Malwarebytes: Malware.Heuristic.1003
Rising: Trojan.Occamy!8.F1CD (CLOUD)
Yandex: Trojan.GenAsa!K9QWYfIJ3gg
SentinelOne: Static AI – Malicious PE
eGambit: Generic.Malware
Webroot: W32.Bot.Gen
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Razy.856574 (B)?

Razy.856574 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.