What is “Razy.979493 (B)”?

Razy.979493 (B) is a detection name: it is the label Emsisoft assigns to this sample (BitDefender, MicroWorld-eScan, ALYac and Ad-Aware report the same family as Gen:Variant.Razy.979493), and every other engine listed below also flags the file as malicious, several of them specifically as a QQPass password stealer. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advisable to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can Razy.979493 (B) do?

Behaviours reported for this sample by the CAPE sandbox (the storage path under File Info below is a CAPEv2 binaries directory):

  • YARA rule detections observed on a process memory dump, dropped files or CAPE output
  • Anomalous file deletion behaviour detected (10+ files)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in the PCAP
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a process that was not found (CAPE's hint: the sample may be looking for a browser, so rerunning the analysis with the startbrowser=1 option may expose more behaviour)
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
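Several of the indicators above map directly onto checks that can be run over a sandbox report's behaviour summary: autorun persistence, proxy modification, self-deletion, mass deletion, drop-and-execute, and execution from a suspicious location. The Python below does that, and is an example added to this page, not CAPE's own signature code. The report it runs on is constructed, with field names (`write_files`, `delete_files`, `write_keys`, `executed_commands`) assumed from the CAPE/Cuckoo `behavior.summary` layout; every path and value in it is made up.

```python
"""Map the page's CAPE-style behaviour indicators onto concrete checks over a
sandbox report summary.

Added example for this page, not CAPE's signature code.  REPORT and
BENIGN_REPORT are constructed; the summary field names are an assumption
taken from the CAPE/Cuckoo behavior.summary layout.
"""
import re

# Constructed malicious report: runs from Temp, drops a second binary, runs
# it, registers it for autorun, rewrites proxy settings and deletes itself.
SAMPLE_PATH = r"C:\Users\user\AppData\Local\Temp\ADB411E5F85705A67003.exe"
DROPPED = r"C:\Users\user\AppData\Roaming\svchost.exe"
REPORT = {
    "target": {"file": {"path": SAMPLE_PATH}},
    "behavior": {"summary": {
        "write_files": [DROPPED],
        "delete_files": [SAMPLE_PATH]
                        + [rf"C:\Users\user\AppData\Local\Temp\tmp{i}.dat" for i in range(12)],
        "write_keys": [
            r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
            r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable",
            r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer",
        ],
        "executed_commands": [f'"{DROPPED}"'],
    }},
}

# Constructed benign counterpart: an installer that only writes an uninstall key.
BENIGN_REPORT = {
    "target": {"file": {"path": r"C:\Program Files\Vendor\setup.exe"}},
    "behavior": {"summary": {
        "write_files": [r"C:\Program Files\Vendor\app.exe"],
        "delete_files": [],
        "write_keys": [r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vendor"],
        "executed_commands": [],
    }},
}

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)
PROXY_RE = re.compile(r"\\Internet Settings\\(ProxyServer|ProxyEnable|AutoConfigURL)$", re.I)
# Directories a user-writable dropper typically executes from (compared lower-cased).
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\", "\\programdata\\")
MASS_DELETE_THRESHOLD = 10  # the page's signature fires at 10+ deletions


def _lower(items):
    return [s.lower() for s in items]


def triage(report: dict) -> dict:
    """Return one entry per indicator; a truthy value means the indicator fired."""
    summary = report["behavior"]["summary"]
    target = report["target"]["file"]["path"].lower()
    writes = _lower(summary.get("write_files", []))
    deletes = _lower(summary.get("delete_files", []))
    keys = summary.get("write_keys", [])
    cmds = summary.get("executed_commands", [])

    def from_suspicious_dir(path: str) -> bool:
        return any(d in path.lower() for d in SUSPICIOUS_DIRS)

    return {
        # "Installs itself for autorun at Windows startup"
        "autorun_persistence": [k for k in keys if RUN_KEY_RE.search(k)],
        # "Attempts to modify proxy settings"
        "proxy_modification": [k for k in keys if PROXY_RE.search(k)],
        # "Deletes its original binary from disk"
        "self_deletion": target in deletes,
        # "Anomalous file deletion behavior detected (10+)"
        "mass_deletion": len(deletes) >= MASS_DELETE_THRESHOLD,
        # "Drops a binary and executes it": an executed command names a written file
        "drop_and_execute": [c for c in cmds if any(w in c.lower() for w in writes)],
        # "Created a process from a suspicious location": the sample itself or a child
        "suspicious_location": [p for p in [target] + cmds if from_suspicious_dir(p)],
    }


def score(findings: dict) -> int:
    """Number of indicators that fired."""
    return sum(1 for v in findings.values() if v)


if __name__ == "__main__":
    for name, rep in (("sample", REPORT), ("benign", BENIGN_REPORT)):
        findings = triage(rep)
        print(name, score(findings), {k: bool(v) for k, v in findings.items()})
```

The thresholds and key patterns are deliberately simple; the point is that each bullet in the list above is a testable predicate over data the sandbox already records, so the same predicates can be re-run over Sysmon or EDR telemetry on a live host.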

How to identify Razy.979493 (B)?

File Info:

name: ADB411E5F85705A67003.mlw
path: /opt/CAPEv2/storage/binaries/152a0e0df1789baa301e5c481f5b39e2d0f64e52aa76eb678f394afe8387efaf
crc32: AD619E80
md5: adb411e5f85705a6700391dd2177d830
sha1: f6c2392f650deeac4deea1776ca12fee29c82def
sha256: 152a0e0df1789baa301e5c481f5b39e2d0f64e52aa76eb678f394afe8387efaf
sha512: 5179366bb408657de18f7433f8c37121a45502c93908fbfdce40b265a6a8709a93158e6fe03ab2b5291ef4853077e64922721c102d0b6cffaf8e2b043ecdb648
ssdeep: 3072:aRsJQ8vUbMVSQTWiddo4uj+rA4ySmH2L4i9FfK:FJNvUgYGW0O4s+rmS/s6FK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T192C6129BB29436FAC31F92393B9F3985BCC3EA5641D7E6411A7C11078063F8CB6A1913
sha3_384: 3e10f5d1374f9211eba0370a67d34d10a4b80f7249eaca805b8697672825ca5ce129702a4a4d683cdb97eac4188e3cc5
ep_bytes: 60be00c045008dbe0050faff57eb0b90
timestamp: 2015-07-22 09:36:46 (PE header compile time; it is written by the build tool and easily forged, so treat it as a hint, not evidence)
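The ep_bytes line above is enough to confirm the "compressed using UPX" finding without touching the sample: `60` is `pushad`, `BE 00 C0 45 00` is `mov esi, 0x45C000`, `8D BE 00 50 FA FF` is `lea edi, [esi - 0x5B000]`, `57` is `push edi` and `EB 0B 90` is the short jump into the decompressor, which is the classic UPX x86 entry stub. The operands give the packed layout: compressed data at 0x45C000 (UPX1) unpacked to 0x401000 (UPX0). The Python below, added here as an example and not code from the page, GridinSoft or CAPE, decodes that stub and recomputes the listed digests so a file on disk can be checked against them. Handling of the optional `83 CD FF` (`or ebp, -1`) found in newer UPX stubs is an assumption about stub variants, not something this page shows.

```python
"""Static triage for the page's File Info: decode the UPX entry stub and
match file digests against the listed IOCs.

Added example for this page; not code from GridinSoft, CAPE or the sample.
"""
import hashlib
import struct
import zlib

# ep_bytes exactly as listed under File Info.
EP_BYTES = bytes.fromhex("60be00c045008dbe0050faff57eb0b90")

# Digests listed under File Info, usable as an IOC set.
KNOWN_HASHES = {
    "md5": "adb411e5f85705a6700391dd2177d830",
    "sha1": "f6c2392f650deeac4deea1776ca12fee29c82def",
    "sha256": "152a0e0df1789baa301e5c481f5b39e2d0f64e52aa76eb678f394afe8387efaf",
    "crc32": "AD619E80",
}


def parse_upx_stub(ep: bytes):
    """Recognise the UPX x86 entry stub and return (src_va, dst_va).

    Classic layout, which is what the page's ep_bytes show:
        60                 pushad
        BE imm32           mov  esi, <compressed data, start of UPX1>
        8D BE disp32       lea  edi, [esi + disp32]  ; unpack target, start of UPX0
        57                 push edi
        [83 CD FF]         or   ebp, -1   (newer stubs only; assumed variant)
        EB rel8            jmp  short <decompressor>
    Returns None when the bytes do not match this shape.
    """
    if len(ep) < 14 or ep[0] != 0x60 or ep[1] != 0xBE or ep[6:8] != b"\x8d\xbe":
        return None
    src = struct.unpack_from("<I", ep, 2)[0]
    disp = struct.unpack_from("<i", ep, 8)[0]  # signed: UPX0 lies below UPX1
    pos = 12
    if ep[pos] != 0x57:
        return None
    pos += 1
    if ep[pos:pos + 3] == b"\x83\xcd\xff":
        pos += 3
    if pos >= len(ep) or ep[pos] != 0xEB:
        return None
    return src, (src + disp) & 0xFFFFFFFF


def describe_upx_layout(ep: bytes) -> dict:
    """Turn the stub operands into the section layout an analyst expects."""
    parsed = parse_upx_stub(ep)
    if parsed is None:
        return {"upx": False}
    src, dst = parsed
    return {
        "upx": True,
        "upx1_va": src,              # where the compressed blob lives
        "upx0_va": dst,              # where it is decompressed to
        "unpacked_span": src - dst,  # virtual room reserved for the unpacked image
    }


def hash_bytes(data: bytes) -> dict:
    """Compute the digests the page lists (md5, sha1, sha256, sha512, crc32)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
    }


def matches_known_sample(data: bytes) -> bool:
    """True when any digest of `data` equals the corresponding listed IOC."""
    digests = hash_bytes(data)
    return any(digests[k].lower() == v.lower() for k, v in KNOWN_HASHES.items())


if __name__ == "__main__":
    layout = describe_upx_layout(EP_BYTES)
    for key, value in layout.items():
        print(key, hex(value) if key != "upx" else value)
```

To check a suspect file, read it into `bytes` and call `matches_known_sample`; the sha256 match is the one that matters, since the listed md5 and crc32 are weak identifiers and the ssdeep/tlsh values on the page are for similarity, not identity.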

Version Info:

0: [No Data]

Razy.979493 (B) is also detected under the following names (vendor, then detection name). "Razy" is a generic family label from the BitDefender engine; the vendors that give a more specific name (Cyren, ESET-NOD32, Trend Micro, NANO-Antivirus, Baidu, Zillya, Avira, Fortinet) classify the sample as a QQPass password stealer, which agrees with the Password-Stealer and Stealer labels from K7 and AhnLab:

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
DrWeb: Trojan.DownLoader15.27463
MicroWorld-eScan: Gen:Variant.Razy.979493
FireEye: Generic.mg.adb411e5f85705a6
ALYac: Gen:Variant.Razy.979493
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Password-Stealer ( 0055e3dc1 )
K7GW: Password-Stealer ( 0055e3dc1 )
Cybereason: malicious.5f8570
BitDefenderTheta: Gen:NN.ZexaF.34742.@pJfaO!JILn
VirIT: Trojan.Win32.Generic.CBRO
Cyren: W32/QQPass.AF.gen!Eldorado
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/PSW.QQPass.OVQ
TrendMicro-HouseCall: TSPY_QQPASS_EK0502A0.UVPM
ClamAV: Win.Trojan.Agent-1353245
Kaspersky: Trojan.Win32.Agent.gen
BitDefender: Gen:Variant.Razy.979493
NANO-Antivirus: Trojan.Win32.QQPass.dupaob
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b0f4bf
Ad-Aware: Gen:Variant.Razy.979493
Sophos: ML/PE-A
Baidu: Win32.Trojan-PSW.QQPass.ag
Zillya: Trojan.QQPass.Win32.25994
TrendMicro: TSPY_QQPASS_EK0502A0.UVPM
McAfee-GW-Edition: PWS-FCCD!FE32461E7FB5
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Razy.979493 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Generic.bhsao
Avira: TR/PSW.QQpass.fkjdue
MAX: malware (ai score=80)
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Razy.DEF225
GData: Win32.Trojan.PSE.1DPEYYJ
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Stealer.R143066
Acronis: suspicious
McAfee: GenericRXAA-AA!ADB411E5F857
VBA32: BScope.Trojan.StartPage
Malwarebytes: Malware.Heuristic.1003
APEX: Malicious
Rising: Trojan.Kryptik!1.B3E8 (CLASSIC)
Yandex: Trojan.GenAsa!RT6uftEKYcE
Ikarus: Trojan.Win32.Dynamer
Fortinet: W32/QQPass.OVQ!tr
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Razy.979493 (B)?

Razy.979493 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” to quarantine all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the reset options, then click “Reset”.
  • Restart your computer.

Because the sample installs itself for autorun and modifies proxy settings, confirm after the reboot that no unknown entry remains under the Windows Run keys and that the browser proxy settings are back to their defaults.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.