Multi-License Discount Quote

Change Region

English
Threat Database Spyware Trojan.RazeSpyware.A

Trojan.RazeSpyware.A

By CagedTech in Spyware, Trojans

Threat Scorecard

Popularity Rank: 10,160
Threat Level: 80 % (High)
Infected Computers: 244
First Seen: February 2, 2023
Last Seen: April 12, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.RazeSpyware.A
Signature status: No Signature

Known Samples

MD5: d82f1de30d92a773bd5a79368817c857
SHA1: 85ebdd6ee3295d3d24318191387d21e933185ceb
SHA256: B7818F50E14DC03C6C75125D8EAE6C6600FBDC63B77B3FCAA64279D6B2CA6CBC
File Size: 1.88 MB, 1879315 bytes
MD5: db8e486319955312547c06764fb09b76
SHA1: b4f512325a81cd973c001ba8d989f2f67dcd5e56
SHA256: B44AD346598FCD5AF205092E718B3A0A18CCCECA63ED6835EA5695280AA47010
File Size: 1.43 MB, 1430705 bytes
MD5: 2784aa85c0448298664468122e3b3f37
SHA1: c0a574934d851ee4580de6e8d0ff407ecfcbdafb
SHA256: 8D6516442A1C5F25D0B203B1D44A7F0E4A15C3BD761F22BC220683DA6D4490C6
File Size: 768.00 KB, 768000 bytes
MD5: cd5803a914dc8f8a8eac8c772283b5e6
SHA1: ff822401f381beeff80e27eedb618e1eef1a42f5
SHA256: D9B8DB2C05849AF595AEA80017C4CE08D163F9C9ECA21C5C3B26079E860EAAF4
File Size: 8.27 MB, 8273920 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name Synaptics
File Description Synaptics Pointing Device Driver
File Version 1.0.0.4
Product Name Synaptics Pointing Device Driver
Product Version 1.0.0.0

File Traits

  • 00 section
  • HighEntropy
  • No Version Info
  • x86

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcxbc02.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\4zcynoe.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winsl Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l4\12\2026 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_ff822401f381beeff80e27eedb618e1eef1a42f5_0008273920 Generic Read,Write Data,Write Attributes,Write extended,Append data
Show More
c:\users\user\downloads\._cache_ff822401f381beeff80e27eedb618e1eef1a42f5_0008273920 Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Service Control
  • OpenSCManager
Process Shell Execute
  • ShellExecuteEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Network Winhttp
  • WinHttpOpen
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Network Winsock
  • bind
  • closesocket
  • gethostbyname
  • getsockname
  • socket

Shell Command Execution

runas c:\users\user\downloads\._cache_ff822401f381beeff80e27eedb618e1eef1a42f5_0008273920
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate

Trending

Most Viewed

Loading...