Razy.975534 (B) malicious file

Razy.975534 (B) is classified as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Razy.975534 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: executable code extraction (unpacking)
  • Creates RWX memory
  • Use of guard pages detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Razy.975534 (B)?

File Info:

name: E41CBA44DB5A1C0F231D.mlw
path: /opt/CAPEv2/storage/binaries/f57273931531f2be1ae17fee6645619cdc960665f0718caa899ea6b6c1d74389
crc32: BFC86436
md5: e41cba44db5a1c0f231dbf7a47121f54
sha1: 7e89d9e5ce933f20e574a2d53adfc821e39c734e
sha256: f57273931531f2be1ae17fee6645619cdc960665f0718caa899ea6b6c1d74389
sha512: fadf52a6ab4414d0dc1606a2fdc0312fe7a86318974c88d5b27e0d8dc044d5f8edfa32c58e7acce4433205758703e6aa300b789f36a751ceed894335787d6a45
ssdeep: 3072:dtieY6Y+DhC5lhrf+D9gSX3xEfUL22va:dEt6L1C5lhCD9g2xER2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T112D32B267655CA01C36D1537CACF411403FDEB862673EB287DDE329D98513E2AD0A6CD
sha3_384: 9561571af280481cd3bee179746d657c1419dfb57e3023dd5e1a883bf34f79321f91cc93389a0e80d10075818daaa12d
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-02-01 15:43:21

Version Info:

Translation: 0x0000 0x04b0
FileDescription: Service for Internet Information
FileVersion: 7.0.6101.18908
InternalName: inetinfo.exe
LegalCopyright: Copyright© 2012-2017
OriginalFilename: inetinfo.exe
ProductVersion: 7.0.6101.18908
Assembly Version: 7.0.6101.18908

Razy.975534 (B) also known as:

Lionic: Trojan.MSIL.TaskLoader.a!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.975534
FireEye: Generic.mg.e41cba44db5a1c0f
McAfee: GenericRXHX-YF!E41CBA44DB5A
Cylance: Unsafe
Sangfor: Trojan.MSIL.TaskLoader.gen
K7AntiVirus: Adware ( 0057dd0b1 )
Alibaba: TrojanDownloader:MSIL/TaskLoader.f9a3a0ee
K7GW: Adware ( 0057dd0b1 )
Cybereason: malicious.4db5a1
BitDefenderTheta: Gen:NN.ZemsilF.34182.iq0@auD!q9g
Cyren: W32/TaskLoader.B.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Adware.OxyPumper.AK
TrendMicro-HouseCall: TROJ_GEN.R002C0PB222
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Downloader.MSIL.TaskLoader.gen
BitDefender: Gen:Variant.Razy.975534
Avast: Win32:AdwareX-gen [Adw]
Tencent: Msil.Trojan-downloader.Taskloader.Ahei
Sophos: OxyPumper (PUA)
TrendMicro: TROJ_GEN.R002C0PB222
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
Emsisoft: Gen:Variant.Razy.975534 (B)
SentinelOne: Static AI - Malicious PE
Webroot: W32.Adware.Gen
Avira: HEUR/AGEN.1235856
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASMalwS.351EA7E
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Program:Win32/Wacapew.C!ml
GData: Gen:Variant.Razy.975534
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Generic.C4552422
ALYac: Gen:Variant.Razy.975534
VBA32: TScope.Trojan.MSIL
Malwarebytes: Adware.OxyPumper
APEX: Malicious
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:LvyH4QC+l3verpCLPgI5mw)
Ikarus: AdWare.MSIL.OxyPumper
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/OxyPumper
AVG: Win32:AdwareX-gen [Adw]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Razy.975534 (B)?

Razy.975534 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.