What is "Razy.812456 (B)"?

The Razy.812456 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Razy.812456 (B) virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (3 unique times)
Presents an Authenticode digital signature
A process attempted to delay the analysis task.
Reads data out of its own binary image
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Attempts to modify proxy settings
Collects information to fingerprint the system

Related domains:

downloader.aldtop.com

client.aldtop.com

resource.aldtop.com

api.aldtop.com

How to determine Razy.812456 (B)?


File Info:
crc32: 9FF58838
md5: 92b6e2a1b9a199ff51cdc02ce81181c0
name: 92B6E2A1B9A199FF51CDC02CE81181C0.mlw
sha1: 0c7818d3eca8a264265c51f6fc7284ce271a5386
sha256: ee19b592acbca8e50b7016fc42b076d9b58b2fdc3698d517c8541493b3e47d32
sha512: e3ad6fe4e590c8f8210ee340fb13da1070be8b5b4760b779f9a0ef39a56f246a54ea392c19eb85ff55a925cf89399de8fd49cbf136070a3208d069f8cb767b57
ssdeep: 12288:rHmNnmTmmL6bWiT0zRmo0E271z2emEugOIatUOK38ytZqYLoK+qdCkJjpJ0aEHBm:rHw6zyhNuTIlttMqCkJjDBEH7xNydX
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
LegalCopyright: Copyright (C) 2018
InternalName: FastDownloader.exe
FileVersion: 3.2.0.8
CompanyName: -
ProductName: x8f6fx4ef6x4e0bx8f7dx5668
ProductVersion: 3.2.0.8
FileDescription:  
OriginalFilename: FastDownloader.exe
Translation: 0x0804 0x04b0

Razy.812456 (B) also known as:

K7AntiVirus	Riskware ( 0049f6ae1 )
Elastic	malicious (high confidence)
DrWeb	Adware.Downware.19825
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Downer
ALYac	Gen:Variant.Razy.812456
Cylance	Unsafe
Sangfor	PUP.Win32.Downer.mt
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Downloader:Win32/DownWare.cc289f1a
K7GW	Riskware ( 0049f6ae1 )
Cybereason	malicious.1b9a19
Cyren	W32/Trojan.XIWH-8579
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:WormX-gen [Wrm]
Kaspersky	not-a-virus:HEUR:Downloader.Win32.Agent.gen
BitDefender	Gen:Variant.Razy.812456
NANO-Antivirus	Trojan.Win32.Razy.iuoheg
MicroWorld-eScan	Gen:Variant.Razy.812456
Ad-Aware	Gen:Variant.Razy.812456
Sophos	Downer (PUA)
Comodo	ApplicUnwnt@#l8kg3rgow41e
TrendMicro	TROJ_FRS.0NA103E821
McAfee-GW-Edition	PUP-XOL-HX
FireEye	Gen:Variant.Razy.812456
Emsisoft	Gen:Variant.Razy.812456 (B)
SentinelOne	Static AI – Suspicious PE
Jiangmin	Downloader.Agent.ors
Webroot	W32.Adware.Gen
Avira	ADWARE/DownWare.Q
eGambit	Unsafe.AI_Score_99%
Microsoft	PUA:Win32/Downer
Gridinsoft	Adware.Agent.sd!c
GData	Gen:Variant.Razy.812456
AhnLab-V3	PUP/Win32.RL_Downloader.R367892
McAfee	Artemis!92B6E2A1B9A1
MAX	malware (ai score=82)
VBA32	Downloader.Agent
Malwarebytes	PUP.Optional.ChinAd
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_FRS.0NA103E821
Rising	Adware.Downloader!1.CB5D (CLOUD)
Yandex	PUA.Downloader!WtenYWxAXR0
Ikarus	PUA.RiskWare.Downer
MaxSecure	Trojan.Malware.12156347.susgen
Fortinet	Riskware/Downer.DD89
AVG	Win32:WormX-gen [Wrm]

How to remove Razy.812456 (B)?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Razy.812456 (B)”?