How to remove “Lazy.104652”?

Lazy.104652 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Lazy.104652 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Created a process from a suspicious location
  • Deletes executed files from disk
  • Collects information to fingerprint the system

How to identify Lazy.104652?

File Info:

name: A67E8FE05B07E8FF6228.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
ep_bytes: 6880d64200e8f0ffffff000000000000
timestamp: 2015-08-09 15:33:39

Version Info:

Translation: 0x0409 0x04b0
Comments: Insulated
CompanyName: Kaeria SARL
FileDescription: Goldurns
ProductName: Sunglasses
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Cavilers2
OriginalFilename: Cavilers2.exe

Lazy.104652 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Lazy.104652
FireEye: Generic.mg.a67e8fe05b07e8ff
CAT-QuickHeal: TrojanPWS.Zbot.AC3
McAfee: Fareit-FGY!A67E8FE05B07
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.1402342
Sangfor: [MICROSOFT VISUAL BASIC 5.0]
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanSpy:Win32/Injector.d912c2a4
K7GW: Trojan ( 004cce791 )
K7AntiVirus: Trojan ( 004cce791 )
VirIT: Trojan.Win32.VBPack_Heur
Cyren: W32/Zbot.XH.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.CGOF
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packer.VbPack-0-6334882-0
Kaspersky: Trojan-Spy.Win32.Zbot.wdgz
BitDefender: Gen:Variant.Lazy.104652
NANO-Antivirus: Trojan.Win32.Zbot.dypfbl
Avast: Win32:Agent-BAAW [Trj]
Rising: Trojan.Injector!1.B459 (CLASSIC)
Ad-Aware: Gen:Variant.Lazy.104652
Emsisoft: Gen:Variant.Lazy.104652 (B)
DrWeb: Trojan.Siggen6.32796
VIPRE: Gen:Variant.Lazy.104652
TrendMicro: TROJ_HPVB.SM3
McAfee-GW-Edition: Fareit-FGY!A67E8FE05B07
Trapmine: malicious.moderate.ml.score
Sophos: Troj/VBInj-MC
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Lazy.104652
Avira: HEUR/AGEN.1206810
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASMalwS.31
Arcabit: Trojan.Lazy.D198CC
SUPERAntiSpyware: Trojan.Agent/Gen-VB
Microsoft: PWS:Win32/Zbot!VM
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/VBKrand.Gen
Acronis: suspicious
VBA32: TrojanSpy.Zbot
ALYac: Gen:Variant.Lazy.104652
Malwarebytes: Trojan.DorkBot.ED
TrendMicro-HouseCall: TROJ_HPVB.SM3
Tencent: Malware.Win32.Gencirc.114c71e9
Yandex: TrojanSpy.Zbot!iKPZhay+PZg
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.CLPK!tr
BitDefenderTheta: Gen:NN.ZevbaF.34806.nm0@aKTcsNmi
AVG: Win32:Agent-BAAW [Trj]
Cybereason: malicious.2863d5
Panda: Trj/Genetic.gen

How to remove Lazy.104652?

Lazy.104652 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.