Trojan.Razy.AF

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Razy.AF
Signature status:	No Signature

Known Samples

MD5: aee3665fab24d784dd79ff48f7960a79

SHA1: 2c6dd8d94a0c2b854a78571e4f40613a1a4c920d

SHA256: C68CAD1AF4BE9B38B4125863D28311017A9C7E821C6B24FEE0934D9D9457192B

File Size: 2.94 MB, 2938368 bytes

MD5: cf6a7c09afa97fff828991dad3706fe5

SHA1: 1a88dd16c484c3809eb98a254a38ccd187802f6f

SHA256: B77A48A64DC063CB14CEC2FEFC5DC6B331553E42A7222907C903AC0A69EA70E1

File Size: 3.00 MB, 2995200 bytes

MD5: a4eda4a95c88f33798ce1d46c39ec626

SHA1: 57bcbd828f2ba46511b9df87d46d28fe6201caa0

SHA256: FF4D420B1932A3A91CE6F4508B95189E00B2161EBD5244D1DEF75278B30285EE

File Size: 2.32 MB, 2323456 bytes

MD5: 3ca1601966ff2ada465f97048c290d86

SHA1: 6d64a520f833ada3268b79a492e27e330c82d4d6

SHA256: D3057B41AE921B393BE6861838FD005C877B90780CA46E48D978679F8E93CD55

File Size: 3.12 MB, 3122176 bytes

MD5: c36cf727acac8a6fbbc681df62bcdebb

SHA1: 328a096107407f52c7c2b8e59372b857edc53c66

SHA256: BE0899F38AAD9C59CF6B9FC0B332D73A15C2B6DC3A53676E1480D9E4147A440A

File Size: 3.10 MB, 3096576 bytes

MD5: f8f0b4b499c8ed82bd2012a4c998d57d

SHA1: 8385c6240878e6f7fd765b49b206b831f9e5756c

SHA256: 5813BEF72C9552376AD881375B88C215CC75A8CF534AB7B0E90C42AD0FF4730A

File Size: 2.95 MB, 2945024 bytes

MD5: b4ffa214fe0db604b24b36ca309e455d

SHA1: 47d02ca55d8227123b7134601ad35160dbbd0204

SHA256: 772692FFBCD8CF23E4323C73D178EF2CC48A717C718E67038C74A78933E12C7E

File Size: 3.10 MB, 3096576 bytes

MD5: d75745189b0f316eb4a45da8927e1fe8

SHA1: 59914b72d2cb5549e02d8d6536e2e2be290a0397

SHA256: 7FFB7675608A77495D1664B4DDDE66421911BF6A5DD95A634F8D13F773527FF0

File Size: 3.10 MB, 3096576 bytes

MD5: c5d19f3d90f0c4b0a480c140fbdfc843

SHA1: e4b0d75507588516a2d1ce5a359e18d79ee5b94c

SHA256: 570A3ED4AC954EFA703EF624741468967CA5E7E135279D29481F79957F38B3FA

File Size: 3.10 MB, 3096576 bytes

MD5: a3cbf8cd7b5a52b1cf4a159ce274d5dd

SHA1: 68e93849955cb7eb9eb9441fa980feb10f674067

SHA256: 68D08A91241FAF14597FA1F527A371DFA136CF9944327BE70946F936996AB5D5

File Size: 2.65 MB, 2650112 bytes

MD5: b01b4b8a21dc6900812017f1c665f69b

SHA1: d7e01fa443cdcda2f1619d8be0f07017c63c9a1e

SHA256: 4E761D166F01C22B4D7357FD922F1F652BC3B2FBE680342AF5D8C85F82EB842C

File Size: 2.71 MB, 2712576 bytes

MD5: 355e8d86725b78e9590f95c325498305

SHA1: be6741a5ee140a6a770b8ab6186707f1718a581b

SHA256: 46D1329D1EF958CB67323E24FA99A54401331273F21AD5ED25EE74C0A299E74E

File Size: 3.08 MB, 3076096 bytes

MD5: 0d7bef1c5b0ef047b21562871f57fa9e

SHA1: 2cb58bc98352d7ffc0065f227cdb3530e1262fc8

SHA256: 92C6F4226FE9892F2F398EAC23790984FA01D745B7E7E46B9858EE769E561AB2

File Size: 2.74 MB, 2742784 bytes

MD5: f2d5c6770172354be4ca61ed0cfa0053

SHA1: f7c4a3ed6df41b8c8bf55458f393e6f636c6ac6a

SHA256: B2B0005A546DA11873A9548353DEA6BFD94F785A6A37DDC52DFABB49C6C9BF31

File Size: 2.99 MB, 2993664 bytes

MD5: 04391f187d943e71196d9370d68faea7

SHA1: 96a30c236fb6a63122a36e05205ad69be772467a

SHA256: C471EE70983455FFD2BA75A76D0990AB348DDE9E10D2C22448C86860C8790E0F

File Size: 2.88 MB, 2875392 bytes

MD5: 9689a483bfbacbbbe4dd797ffc958ae0

SHA1: cc95575a91e9bcfc4a722f30b20671b543993c7f

SHA256: 5233045302AF8A48943D805734F9F41122836973B928709EA47F4F3889797913

File Size: 3.14 MB, 3139072 bytes

MD5: e8906818ca4f6f6a07ea98c6edaac0ee

SHA1: 453eab1e19e90e8af5071c74daa8d5102cc765bd

SHA256: 26A9D85DE34342BB7D0B06D51772CB6ACD8ECC58B6D156E043153F98A12B35FD

File Size: 2.81 MB, 2813952 bytes

MD5: d30dbd71d43d293d98d916cc5557e4bf

SHA1: 79d14c3f88d676bbcbfdd213aa8d64bf2d2e344a

SHA256: 5A6D5E9856AD06934D6F4A9604CB645986EFD12EA54BC064DF55EC0738F6B07B

File Size: 3.05 MB, 3053568 bytes

MD5: b2c30d78ea3aca1e0c52d0aae6911d51

SHA1: 6828fc2f943cd58dec159580b7916ac361a8d4dd

SHA256: DF992F11473ED8570702F05DDE32EDC157406032799B507BB798ED8180668F96

File Size: 3.05 MB, 3053568 bytes

MD5: e937538754de9ab7ab9b25f942ef05e3

SHA1: be9389e88de6164495b9936e9139711c1d4e2ad7

SHA256: 65F11DE7C978FDC4649B63F82BCF93328B7AD601E51F9DD5581E085A048EB73E

File Size: 3.05 MB, 3053568 bytes

MD5: 1e25c7badffed453ab48b406ef4e8ba1

SHA1: ec03a8dee6d22db287702fa2d3292134a090d1ee

SHA256: F2978AD2940C0B58B4C4BE6872C201E1FD5F208C85A1BA74039CD46E88F72338

File Size: 2.44 MB, 2435584 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have security information
File is .NET application
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name	Value
Assembly Version	0.0.0.0
File Version	0.0.0.0
Internal Name	tmp1E6F.tmp tmp5A42.tmp tmp6BF5.tmp tmp6F4B.tmp tmp6FBC.tmp tmp9AF4.tmp tmp9E64.tmp tmp51A8.tmp tmp73BF.tmp tmp261C.tmp Show More tmp1771.tmp tmp9111.tmp tmp9572.tmp tmpA24D.tmp tmpB0DC.tmp tmpB9AF.tmp tmpC86E.tmp tmpCB8F.tmp tmpCF1F.tmp tmpE34A.tmp tmpFB41.tmp
Original Filename	tmp1E6F.tmp tmp5A42.tmp tmp6BF5.tmp tmp6F4B.tmp tmp6FBC.tmp tmp9AF4.tmp tmp9E64.tmp tmp51A8.tmp tmp73BF.tmp tmp261C.tmp Show More tmp1771.tmp tmp9111.tmp tmp9572.tmp tmpA24D.tmp tmpB0DC.tmp tmpB9AF.tmp tmpC86E.tmp tmpCB8F.tmp tmpCF1F.tmp tmpE34A.tmp tmpFB41.tmp
Product Version	0.0.0.0

File Traits

.NET
x86

Block Information

Total Blocks:	1
Potentially Malicious Blocks:	1
Whitelisted Blocks:	0
Unknown Blocks:	0

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Razy.AF

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\tmp15e0.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmp1c2a.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmp1d4b.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmp4d73.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmp5aaa.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmp88d.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmpa6ab.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmpa9e7.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmpb15d.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmpb7ac.tmp.exe	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\tmpb868.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmpbc02.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmpbc31.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmpbc7f.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmpbcfc.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tmpcc5f.tmp.exe	Generic Write,Read Attributes

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection Show More ntdll.dll!NtCreateThreadEx ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenSection ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThreadToken ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtYieldExecution UNKNOWN
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Anti Debug	IsDebuggerPresent

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Razy.AF

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Windows API Usage

Windows API Usage

Submit Comment

Trending

Ice Open Network (IOP) Airdrop

Your Account Is Secure & Ready Email Scam

ValidVersion.app

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen