Raldhep.1 removal guide

Raldhep.1 is regarded as dangerous by many security vendors. While this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Raldhep.1 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • YARA rule detections observed on a process memory dump, dropped files, or CAPE output
  • Creates RWX memory
  • Guard page use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in the PCAP
  • Unconventional language used in binary resources: Korean
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Raldhep.1?

File Info:

name: 57099AFA2EE1830E800B.mlw
path: /opt/CAPEv2/storage/binaries/e70ea181261b52c1b26c4d5efc938599b83dfbb4ee0fa7ad3c41ee2899f8372c
crc32: 997A5009
md5: 57099afa2ee1830e800b6e2a7a3a5e22
sha1: 03fa4d6fc73b8f80e9bef110387fb777cb10749d
sha256: e70ea181261b52c1b26c4d5efc938599b83dfbb4ee0fa7ad3c41ee2899f8372c
sha512: 25eef5baf45435c069c49ea23c1f3114aa580074bc34885e573f30088499424062605a09a2e2e7a4bec88965d9d79d1cfb6ed9523fd3211cef389842a96f178f
ssdeep: 3072:+BYPWMKUTQqtZkPFlWrE6A2XvfhtBPEvkhH5FGs:YZAWPXWrUqHhHMMb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EAF3492C32E1C0B3E853007589F6D7B19AAAFD354E658A437B812F6F7F315978E18246
sha3_384: 82c56ffa1f5d2f8d584201d0f8ff436869adc4ec0b1272750692e5476aeceb896463d699f74488950df9887c1ff27a7f
ep_bytes: e8c76e0000e978feffff8bff558bec8b
timestamp: 2010-11-07 22:40:46

Version Info:

CompanyName: TODO:
FileDescription: TODO:
FileVersion: 1.0.0.1
LegalCopyright: TODO: (c) . All rights reserved.
InternalName: IEKeyword_EXE.exe
OriginalFilename: IEKeyword_EXE.exe
ProductName: TODO:
ProductVersion: 1.0.0.1
Translation: 0x0412 0x03b5

Raldhep.1 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Gen:Variant.Raldhep.1
FireEye: Generic.mg.57099afa2ee1830e
McAfee: Downloader-FBFT!57099AFA2EE1
Malwarebytes: Adware.WindowLivePot
K7AntiVirus: Trojan-Downloader ( 005323b91 )
Alibaba: TrojanDownloader:Win32/Fosniw.ab19fef4
K7GW: Trojan-Downloader ( 005323b91 )
Cybereason: malicious.a2ee18
Baidu: Win32.Trojan-Downloader.Fosniw.a
Cyren: W32/Fosniw.C.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDownloader.Fosniw.AF
APEX: Malicious
ClamAV: Win.Trojan.Fosniw-2
Kaspersky: UDS:Trojan.Win32.Generic
BitDefender: Gen:Variant.Raldhep.1
Avast: Win32:Fosniw-F [Trj]
Tencent: Win32.Trojan.Generic.Stkj
Ad-Aware: Gen:Variant.Raldhep.1
Sophos: Troj/Fosniw-E
Comodo: Malware@#3l79du9ub2nkj
F-Secure: Trojan.TR/Agent.hbab
DrWeb: Trojan.DownLoad.64261
Zillya: Downloader.Fosniw.Win32.58962
McAfee-GW-Edition: BehavesLike.Win32.NetLoader.ch
Emsisoft: Gen:Variant.Raldhep.1 (B)
SentinelOne: Static AI – Suspicious PE
Avira: TR/Agent.hbab
Antiy-AVL: Trojan/Generic.ASBOL.7634
Microsoft: TrojanDownloader:Win32/Fosniw.C
ViRobot: Trojan.Win32.Fosniw.Gen
GData: Gen:Variant.Raldhep.1
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Adload.R1606
VBA32: BScope.Trojan.Occamy
ALYac: Gen:Variant.Raldhep.1
MAX: malware (ai score=100)
Cylance: Unsafe
Rising: Trojan.IEKeyword!1.6A27 (CLOUD)
Yandex: Trojan.DL.Fosniw!EuevPtuW6HQ
Ikarus: Trojan-Downloader.Win32.Fosniw
MaxSecure: Trojan.Malware.2588.susgen
Fortinet: W32/Dloader.ANW!tr
BitDefenderTheta: Gen:NN.ZexaF.34606.ku0@ameRAlpG
AVG: Win32:Fosniw-F [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Raldhep.1?

Raldhep.1 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.