Trojan.Razy.AF
Analysis Report
General information
| Family Name: | Trojan.Razy.AF |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have security information
- File is .NET application
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Assembly Version | 0.0.0.0 |
| File Version | 0.0.0.0 |
| Internal Name | |
| Original Filename | |
| Product Version | 0.0.0.0 |
File Traits
- .NET
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 1 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 0 |
| Unknown Blocks: | 0 |
Visual Map
x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- Razy.AF
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.

| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\tmp15e0.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmp1c2a.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmp1d4b.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmp4d73.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmp5aaa.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmp88d.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmpa6ab.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmpa9e7.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmpb15d.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmpb7ac.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmpb868.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmpbc02.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmpbc31.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmpbc7f.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmpbcfc.tmp.exe | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\tmpcc5f.tmp.exe | Generic Write,Read Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| User Data Access | |
| Anti Debug | |