
Razy.866327 information

Malware Removal

Razy.866327 is a generic detection name (Gen:Variant.Razy.866327, shared by several of the vendors listed below) for the sample described on this page. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advisable to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period. A 6-day free trial is available.

What can Razy.866327 do? (behaviours reported by the CAPE sandbox analysis)

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
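Three of the signatures above (UPX compression, a packer-style section name, and encrypted/compressed payload data) can be confirmed offline from the File Info below without running the sample: the ep_bytes value 60be000047008dbe0010f9ff5783cdff is the standard UPX x86 decompressor stub (pushad; mov esi, imm32; lea edi, [esi+disp32]; push edi; or ebp, -1), and a UPX-packed PE normally carries UPX0/UPX1 section names. The script below is an added example written for this page; it is not CAPE's, GridinSoft's or the sample's own code. It parses a PE32 header with nothing but the standard library, checks the section names and the bytes at the entry point, reads the PE TimeDateStamp (assumed here to be what the sandbox reports as "timestamp"), and compares the file's MD5/SHA-1/SHA-256 against the hashes listed on this page. Because the real sample is not shipped with the page, the block builds a small synthetic PE (clearly labelled as constructed) to exercise the checks; `build_test_pe` and `triage` are names chosen for this example.

```python
"""Offline triage for the indicators on this page (added example, not CAPE/GridinSoft code)."""
import hashlib
import struct
from datetime import datetime, timezone

# Hashes copied from the File Info section of this page.
KNOWN_HASHES = {
    "md5": "6cfef731a5d3c3b88cf03aa26778cbfc",
    "sha1": "0f5839755255ade0e0c581ff435a919a9dd0c65d",
    "sha256": "d4db738e548eb03b53ee79ae0253309722668cdac9f12214fa1db5c933a77ea0",
}
# Entry-point bytes reported for the sample (page: ep_bytes).
PAGE_EP_BYTES = bytes.fromhex("60be000047008dbe0010f9ff5783cdff")


def is_upx_stub(ep: bytes) -> bool:
    """Match the classic UPX x86 entry stub, ignoring the two immediates."""
    return (len(ep) >= 16
            and ep[0] == 0x60                   # pushad
            and ep[1] == 0xBE                   # mov esi, imm32 (packed data)
            and ep[6:8] == b"\x8d\xbe"          # lea edi, [esi + disp32]
            and ep[12] == 0x57                  # push edi
            and ep[13:16] == b"\x83\xcd\xff")   # or ebp, -1


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 parser: section table, TimeDateStamp and 16 bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    timestamp = struct.unpack_from("<I", data, coff + 4)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize,
                         "rawptr": rawptr, "rawsize": rawsize})
    ep_bytes = b""
    for s in sections:  # map the entry RVA to a file offset via its section
        if s["vaddr"] <= ep_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            file_off = s["rawptr"] + (ep_rva - s["vaddr"])
            ep_bytes = data[file_off:file_off + 16]
            break
    return {"sections": sections, "timestamp": timestamp,
            "ep_rva": ep_rva, "ep_bytes": ep_bytes}


def compare_hashes(data: bytes) -> dict:
    """True for each algorithm whose digest equals the hash listed on the page."""
    return {alg: getattr(hashlib, alg)(data).hexdigest() == h
            for alg, h in KNOWN_HASHES.items()}


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    compile_time = datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
    return {
        "section_names": names,
        "upx_sections": any(n.startswith("UPX") for n in names),
        "upx_stub_at_ep": is_upx_stub(pe["ep_bytes"]),
        "compile_time": compile_time.strftime("%Y-%m-%d %H:%M:%S"),
        "hash_match": compare_hashes(data),
    }


def build_test_pe(ep_bytes: bytes, names=("UPX0", "UPX1", ".rsrc")) -> bytes:
    """Construct a synthetic PE32 (NOT the real sample) whose entry point carries ep_bytes.

    The TimeDateStamp is set to the page's timestamp (2008-12-24 09:00:07 UTC) so the
    parser's date decoding can be checked; everything else is filler."""
    opt_size = 0xE0                                   # standard PE32 optional header
    hdr_len = (0x40 + 4 + 20 + opt_size + 40 * len(names) + 0x1FF) & ~0x1FF
    dos = bytearray(0x40); dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew
    ts = int(datetime(2008, 12, 24, 9, 0, 7, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), ts, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2000 + 0x40)    # entry point inside section 1
    sec_hdrs, body = b"", bytearray()
    for i, name in enumerate(names):
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                                0x1000, 0x1000 * (i + 1), 0x200, hdr_len + 0x200 * i,
                                0, 0, 0, 0, 0x60000020)
        chunk = bytearray(0x200)
        if i == 1:
            chunk[0x40:0x40 + len(ep_bytes)] = ep_bytes
        body += chunk
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec_hdrs).ljust(hdr_len, b"\0") + bytes(body)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(PAGE_EP_BYTES)
    for k, v in triage(data).items():
        print(f"{k}: {v}")
```

Run it with the path of a quarantined file to see whether it is the exact sample (all three hash checks true) or merely a look-alike with the same UPX stub and sections. A positive UPX check suggests trying `upx -d` on a copy before static analysis; if the packer headers were tampered with, that unpack will fail and a sandbox memory dump (the source of the Yara hits listed above) is the fallback.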

How to identify Razy.866327?

File Info:

name: 6CFEF731A5D3C3B88CF0.mlw
path: /opt/CAPEv2/storage/binaries/d4db738e548eb03b53ee79ae0253309722668cdac9f12214fa1db5c933a77ea0
crc32: 4DB55617
md5: 6cfef731a5d3c3b88cf03aa26778cbfc
sha1: 0f5839755255ade0e0c581ff435a919a9dd0c65d
sha256: d4db738e548eb03b53ee79ae0253309722668cdac9f12214fa1db5c933a77ea0
sha512: ee1dc586ac706e90d00aa5be2bb71a5a0b8207ed65ce64082b1a3aa4aa464705c751b83eb91cbfb5ae3ef289d1992b903833156ed927309efb34393215e46ebf
ssdeep: 12288:EHLUMuiv9RgfSjAzRtyt0WLzCFn7/ewKlGUAKQ18YH:etARo0WXw7/ecBKQF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D5E4234B7E12F9FBDC258470EF17862EC0FAEBA15F205313A254A10FD815226BC664EC
sha3_384: 9c4209ff3a23ae864aaa03b68b0cac0fe3ba8ce38ba244251c22078c39ffe8785ff865a0e06d3e574fe703408737ca26
ep_bytes: 60be000047008dbe0010f9ff5783cdff
timestamp: 2008-12-24 09:00:07

Version Info:

FileDescription:
FileVersion: 3, 3, 0, 0
CompiledScript: AutoIt v3 Script : 3, 3, 0, 0
Translation: 0x0809 0x04b0

Razy.866327 is also known as (vendor: detection name; the AutoIt and packer names reflect the compiled AutoIt v3 script and UPX packing shown in the file info above):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.lijH
DrWeb: Trojan.KillFiles.9284
MicroWorld-eScan: Gen:Variant.Razy.866327
FireEye: Gen:Variant.Razy.866327
ALYac: Gen:Variant.Razy.866327
Malwarebytes: Malware.Heuristic.1003
Alibaba: TrojanDropper:Win32/Kryptik.a2e94eba
CrowdStrike: win/malicious_confidence_60% (W)
BitDefenderTheta: AI:Packer.E5AAC91C1F
Cyren: W32/SuspPack.DH.gen!Eldorado
Symantec: SecurityRisk.gen1
ESET-NOD32: multiple detections
TrendMicro-HouseCall: Cryp_Embed4
Kaspersky: HEUR:Trojan.Script.Generic
BitDefender: Gen:Variant.Razy.866327
NANO-Antivirus: Trojan.Script.Autoit.duhxmd
Tencent: Win32.Trojan.Bluescreen.Wtyc
Ad-Aware: Gen:Variant.Razy.866327
Sophos: ML/PE-A + Mal/MDrop-Gen
Comodo: Malware@#18ouebjwnwn7u
F-Secure: Dropper.DR/AutoIt.Gen
Baidu: Multi.Threats.InArchive
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Cryp_Embed4
McAfee-GW-Edition: BehavesLike.Win32.Injector.jc
Emsisoft: Gen:Variant.Razy.866327 (B)
Ikarus: Trojan-Ransom.BlueScreen
GData: Gen:Variant.Razy.866327 (7x)
Jiangmin: Worm/KillFiles.aj
MaxSecure: Worm.Win32.AutoIt.QN
Avira: DR/AutoIt.Gen
Antiy-AVL: HackTool[Hoax]/Win32.ArchSMS
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Razy.DD3817
Microsoft: Trojan:Win32/Zbot.SIBC21!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.Palevo.R1819
McAfee: Artemis!6CFEF731A5D3
VBA32: Trojan.Autoit.Srv
APEX: Malicious
Rising: Trojan.Generic@ML.100 (RDML:ToMDzfPi8ZKItsfiRScO+A)
Yandex: Hacktool.AutoitBinder.Gen
MAX: malware (ai score=82)
Fortinet: W32/Kryptik.ANS!tr
Webroot: W32.Trojan.Gen
Cybereason: malicious.1a5d3c
Panda: Trj/Autoit.gen

How to remove Razy.866327?

Razy.866327 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
