Malware

Lazy.1327 malicious file

Malware Removal

The Lazy.1327 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Lazy.1327 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Arabic (Iraq)
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer likely to send to C2 server
  • Collects information about installed applications
  • CAPE detected the DridexLoader malware family
  • Attempts to modify proxy settings

How to determine Lazy.1327?



File Info:

name: C608B73B0C20EF106F78.mlw
path: /opt/CAPEv2/storage/binaries/48e300351f5b884a32565f254d66daa22f2ee02b350175d61c7e1ec7044ca1a8
crc32: D839FA91
md5: c608b73b0c20ef106f787dfca860a111
sha1: 5e03f2d592470a3e18ace20016da1786795d53bd
sha256: 48e300351f5b884a32565f254d66daa22f2ee02b350175d61c7e1ec7044ca1a8
sha512: 7497a6defe596c55f78897a19bcbd113ed691ab7a85c690a755e3bcfe2cadd73f76a3479fc51e9ddcb8a5a37654c9db4546b5a11eb2632eb55ea956cf7405508
ssdeep: 12288:Zh8VWwkjZvPgkPTn3n3n3n3n3n3nXLFPMdV4Fgw:P86pPLJkdV4Kw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T100351238FDAC5BE7E5494AB280537AB26BFEF4101771C1A35FC684175E043E26DA3622
sha3_384: 6b8b10e02f3dd9944712a86f3fb5ffbd9ceb2919bde2895801d49e403db1e501f7be7a44a270e17ae9f473ccd6a590de
ep_bytes: 558bec83ec10c745fc00000000c745f8
timestamp: 2021-11-23 20:15:44


Version Info:

CompanyName: AVG Technologies CZ, s.r.o.
FileDescription: aswChLic component
FileVersion: 17.3.3443.0
InternalName: aswChLic
LegalCopyright: Copyright (C) 2014 AVG Technologies CZ, s.r.o.
OriginalFilename: aswChLic.exe
ProductName: AVG Internet Security System 
ProductVersion: 17.3.3443.0
Translation: 0x0009 0x04b0

Lazy.1327 also known as:

BkavW32.AIDetect.malware1
LionicTrojan.Win32.Generic.4!c
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Lazy.1327
FireEyeGeneric.mg.c608b73b0c20ef10
ALYacGen:Variant.Lazy.1327
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 0058a6f11 )
K7GWTrojan ( 0058a6f11 )
Cybereasonmalicious.592470
CyrenW32/Dridex.GD.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.HEWP
APEXMalicious
Paloaltogeneric.ml
KasperskyUDS:Trojan.Win32.Generic
BitDefenderGen:Variant.Lazy.1327
AvastWin32:BotX-gen [Trj]
TencentMalware.Win32.Gencirc.10cf8de2
Ad-AwareGen:Variant.Lazy.1327
SophosMal/Generic-R + Mal/EncPk-APV
DrWebTrojan.Dridex.735
TrendMicroTROJ_GEN.R002C0DKQ21
McAfee-GW-EditionBehavesLike.Win32.Ransomware.tm
EmsisoftGen:Variant.Lazy.1327 (B)
SentinelOneStatic AI – Malicious PE
AviraTR/Crypt.Agent.wkzhj
MAXmalware (ai score=82)
Antiy-AVLTrojan/Generic.ASMalwS.34CC446
MicrosoftTrojan:Win32/Obfuscator.RT!MTB
GDataGen:Variant.Lazy.1327
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.Obfuscator.R453017
McAfeeGenericRXAA-AA!C608B73B0C20
VBA32BScope.Trojan-Spy.Zbot
MalwarebytesTrojan.Downloader
TrendMicro-HouseCallTROJ_GEN.R002C0DKQ21
RisingTrojan.Kryptik!1.D606 (CLASSIC)
IkarusTrojan.Win32.Crypt
FortinetW32/GenKryptik.FMFO!tr
BitDefenderThetaGen:NN.ZexaF.34294.dr0@aW0H2YkO
AVGWin32:BotX-gen [Trj]
PandaTrj/GdSda.A
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Lazy.1327?

Lazy.1327 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment