Multi-License Discount Quote

Change Region

English
Threat Database Spyware Trojan.RazeSpyware.A

Trojan.RazeSpyware.A

By CagedTech in Spyware, Trojans

Threat Scorecard

Popularity Rank: 11,809
Threat Level: 80 % (High)
Infected Computers: 249
First Seen: February 2, 2023
Last Seen: June 1, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.RazeSpyware.A
Signature status: No Signature

Known Samples

MD5: d82f1de30d92a773bd5a79368817c857
SHA1: 85ebdd6ee3295d3d24318191387d21e933185ceb
SHA256: B7818F50E14DC03C6C75125D8EAE6C6600FBDC63B77B3FCAA64279D6B2CA6CBC
File Size: 1.88 MB, 1879315 bytes
MD5: db8e486319955312547c06764fb09b76
SHA1: b4f512325a81cd973c001ba8d989f2f67dcd5e56
SHA256: B44AD346598FCD5AF205092E718B3A0A18CCCECA63ED6835EA5695280AA47010
File Size: 1.43 MB, 1430705 bytes
MD5: 2784aa85c0448298664468122e3b3f37
SHA1: c0a574934d851ee4580de6e8d0ff407ecfcbdafb
SHA256: 8D6516442A1C5F25D0B203B1D44A7F0E4A15C3BD761F22BC220683DA6D4490C6
File Size: 768.00 KB, 768000 bytes
MD5: cd5803a914dc8f8a8eac8c772283b5e6
SHA1: ff822401f381beeff80e27eedb618e1eef1a42f5
SHA256: D9B8DB2C05849AF595AEA80017C4CE08D163F9C9ECA21C5C3B26079E860EAAF4
File Size: 8.27 MB, 8273920 bytes
MD5: 225419f9e24ffb33a5eb8e6d4c72de78
SHA1: c4566a19f0aca554693f05bad8f4191deac17e92
SHA256: 5B3378C205A58EA78FB17CEBE2620E9116ED1F426A73A990FD7015CC87CEDFF1
File Size: 948.22 KB, 948224 bytes
Show More
MD5: 601df37bca071ac79996a5d9c0396e9d
SHA1: dc21a1f0fd508c312edd31190109a13b0378494f
SHA256: 46CE10ED9A086DE717DD2987AD4D35007B889CF9A217EBBE22AB1A0E6172E3A3
File Size: 3.01 MB, 3008000 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name Synaptics
File Description Synaptics Pointing Device Driver
File Version 1.0.0.4
Product Name Synaptics Pointing Device Driver
Product Version 1.0.0.0

File Traits

  • 00 section
  • HighEntropy
  • No Version Info
  • x64
  • x86

Block Information

Total Blocks: 229
Potentially Malicious Blocks: 8
Whitelisted Blocks: 221
Unknown Blocks: 0

Visual Map

0 0 x x 0 0 0 0 0 0 0 0 0 0 x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 1 2 0 1 0 0 0 0 1 0 0 1 1 1 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 1 1 0 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 2 2 2 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 2 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcxbc02.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\1.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\4zcynoe.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\calcgen v[1][1].exe Generic Write,Read Attributes
c:\users\user\appdata\roaming\winsl Synchronize,Write Attributes
Show More
c:\users\user\appdata\roaming\winsl\l4\12\2026 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\$_temp_$.$$$ Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_ff822401f381beeff80e27eedb618e1eef1a42f5_0008273920 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_ff822401f381beeff80e27eedb618e1eef1a42f5_0008273920 Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
Show More
HKLM\software\classes\.key:: regfile RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{289211c2-bee8-e720-51b6-759c4a184739}:: x1f6wz/Jph6hvJwT RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 鴅ȁ獖}e¶iꙥžr ֢ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • OutputDebugString
User Data Access
  • GetUserObjectInformation
Service Control
  • OpenSCManager
Process Shell Execute
  • ShellExecute
  • ShellExecuteEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Network Winhttp
  • WinHttpOpen
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Network Winsock
  • bind
  • closesocket
  • gethostbyname
  • getsockname
  • socket
Syscall Use
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • UNKNOWN

Shell Command Execution

runas c:\users\user\downloads\._cache_ff822401f381beeff80e27eedb618e1eef1a42f5_0008273920
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate
open C:\Users\Voyuxvle\AppData\Local\Temp\1.EXE
open C:\Users\Voyuxvle\AppData\Local\Temp\CALCGEN V[1][1].EXE

Trending

Most Viewed

Loading...