
Razy.859327 (file analysis)


Razy.859327 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to perform a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Razy.859327 virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Compression (or decompression)
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Macedonian
  • Looks up the external IP address
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to remove evidence of file being downloaded from the Internet
  • Deletes its original binary from disk
  • Attempts to delete volume shadow copies
  • Exhibits behavior characteristic of Alphacrypt/Teslacrypt ransomware
  • Modifies boot configuration settings
  • Writes a potential ransom message to disk
  • Attempts to identify installed AV products by registry key
  • Creates a copy of itself
  • Creates a known TeslaCrypt/AlphaCrypt ransomware decryption instruction / key file
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:


How to identify Razy.859327?

File Info:

crc32: 6FBCD62C
md5: 7fd2ff31eadafc8acc9440ef2e9912ff
name: 7FD2FF31EADAFC8ACC9440EF2E9912FF.mlw
sha1: 0e271053e71f9c7d3779e47fe0e1e9c89789e796
sha256: f875366fb4059f9de32c3cea7c842531d268c5fdbd49f62890f86f8f36f8fc06
sha512: 6b18d4296f50088deb7aa3e59e8112fc62bf09592651bf0a0ef9587282a5af6c87635418cd4e13cbd17f761ded7a27332bda45e016b673442070366fe3d463ee
ssdeep: 6144:BqDi609cKwDUbks5tSeaUfxUC4yFXADQOZMOKSH:cDiDwNpUmChFwsOpH
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Belongings (C) 2011
InternalName: Candlesticks
FileDescription: Demands
OriginalFilename: Consecrating.exe
CompanyName: Sysinfo Lab

Razy.859327 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Yakes.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.3075
ClamAV: Win.Virus.TeslaCrypt3-1
CAT-QuickHeal: Ransom.Teslacrypt.D4
ALYac: Trojan.Ransom.TeslaCrypt
Cylance: Unsafe
Zillya: Trojan.Yakes.Win32.43530
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Trojan:Win32/Yakes.c9b277dd
K7GW: Trojan ( 0055e3ef1 )
K7AntiVirus: Trojan ( 0055e3ef1 )
Baidu: Win32.Trojan.Filecoder.k
Symantec: Ransom.TeslaCrypt!g1
ESET-NOD32: Win32/Filecoder.TeslaCrypt.I
APEX: Malicious
Avast: Win32:TeslaCrypt-AL [Trj]
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Yakes.nphq
BitDefender: Gen:Variant.Razy.859327
NANO-Antivirus: Trojan.Win32.Encoder.dyyydi
ViRobot: Trojan.Win32.TeslaCrypt.Gen.B
MicroWorld-eScan: Gen:Variant.Razy.859327
Tencent: Malware.Win32.Gencirc.10c60ea9
Ad-Aware: Gen:Variant.Razy.859327
Sophos: ML/PE-A + Mal/Ransom-DP
F-Secure: Heuristic.HEUR/AGEN.1123567
BitDefenderTheta: Gen:NN.ZexaF.34170.tq0@a8d624gG
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_CRYPTESLA.SM
McAfee-GW-Edition: GenericR-FFT!7FD2FF31EADA
FireEye: Generic.mg.7fd2ff31eadafc8a
Emsisoft: Gen:Variant.Razy.859327 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Yakes.djj
Avira: HEUR/AGEN.1123567
Microsoft: Ransom:Win32/Tescrypt.C
Arcabit: Trojan.Razy.DD1CBF
ZoneAlarm: Trojan.Win32.Yakes.nphq
GData: Gen:Variant.Razy.859327
TACHYON: Trojan/W32.Crypto.311296.B
AhnLab-V3: Trojan/Win32.Teslacrypt.R169477
Acronis: suspicious
McAfee: GenericR-FFT!7FD2FF31EADA
MAX: malware (ai score=83)
VBA32: BScope.Trojan.Inject
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom_CRYPTESLA.SM
Rising: Trojan.Agent!1.A322 (CLASSIC)
Yandex: Trojan.Yakes!tOBg77UJwRk
Ikarus: Trojan.Win32.Filecoder
Fortinet: W32/Injector.CNRF!tr
AVG: Win32:TeslaCrypt-AL [Trj]
Paloalto: generic.ml

How to remove Razy.859327?

Razy.859327 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
