Trojan.RazeSpyware.A

By CagedTech in Spyware, Trojans

Threat Scorecard

Popularity Rank: 11,091
Threat Level: 80 % (High)
Infected Computers: 253
First Seen: February 2, 2023
Last Seen: June 13, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.RazeSpyware.A
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name: Value
Comments: Code Calculator for some radios . Private build.
Company Name:
  • Synaptics
  • TVS
File Description:
  • Code Calculator
  • Synaptics Pointing Device Driver
File Version:
  • 2.21.71.157
  • 1.0.0.4
Internal Name: CalcGen.exe
Legal Copyright: (C) VAF 2001
Legal Trademarks: TVS VAF
Original Filename: CalcGen.exe
Private Build: For -=carradio_decoding=- group members only !
Product Name:
  • Code Calculator
  • Synaptics Pointing Device Driver
Product Version:
  • Second Edition
  • 1.0.0.0

File Traits

  • 00 section
  • HighEntropy
  • No Version Info
  • x64
  • x86

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcxbc02.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\1.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\4zcynoe.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\calcgen v[1][1].exe Generic Write,Read Attributes
c:\users\user\appdata\roaming\winsl Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l4\12\2026 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\$_temp_$.$$$ Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_ff822401f381beeff80e27eedb618e1eef1a42f5_0008273920 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_ff822401f381beeff80e27eedb618e1eef1a42f5_0008273920 Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\classes\.key:: regfile RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{289211c2-bee8-e720-51b6-759c4a184739}:: x1f6wz/Jph6hvJwT RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • OutputDebugString
User Data Access
  • GetUserObjectInformation
Service Control
  • OpenSCManager
Process Shell Execute
  • ShellExecute
  • ShellExecuteEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Network Winhttp
  • WinHttpOpen
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Network Winsock
  • bind
  • closesocket
  • gethostbyname
  • getsockname
  • socket
Syscall Use
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • UNKNOWN

Shell Command Execution

runas c:\users\user\downloads\._cache_ff822401f381beeff80e27eedb618e1eef1a42f5_0008273920
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate
open C:\Users\Voyuxvle\AppData\Local\Temp\1.EXE
open C:\Users\Voyuxvle\AppData\Local\Temp\CALCGEN V[1][1].EXE