Malware

Lazy.1327 (B) removal tips

Malware Removal

The Lazy.1327 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Lazy.1327 (B) virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Arabic (Iraq)
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer likely to send to C2 server
  • Collects information about installed applications
  • CAPE detected the DridexLoader malware family
  • Attempts to modify proxy settings

How to determine Lazy.1327 (B)?



File Info:

name: A7A063EC3AE19BCE43C7.mlw
path: /opt/CAPEv2/storage/binaries/4ba12185abd8fa4f7dff87d5b9e57049f3caed935485914b525a8f201e3e9290
crc32: 55A1B16B
md5: a7a063ec3ae19bce43c7a3f3b38fcb78
sha1: db5c808869d94fc7141c10491805a83a1467f37b
sha256: 4ba12185abd8fa4f7dff87d5b9e57049f3caed935485914b525a8f201e3e9290
sha512: 15feb0af3e4eefb1e72b5959206eb2bcc1f1b1d75be0aa29781fbc708ee11941640663d6a49eb7d9068f371375b4407957f6ac9a9b20370cd2dd1c84e4cc1283
ssdeep: 12288:Sh8VWwkjZvPgkPTn3n3n3n3n3n3n3LFPMdV4Fgw:K86pPrJkdV4Kw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F5351238FDAC5BE7E5494AB280537AB26BFEF4101771C1A35FC684175E043E26DA3622
sha3_384: 5e16113ea55639f7234af00471ac8db98dd8135f83301e9d26047b46865cd3a793c8c40e1e5767ea34385b49eb91c1d7
ep_bytes: 558bec83ec10c745fc00000000c745f8
timestamp: 2021-11-24 07:18:19


Version Info:

CompanyName: AVG Technologies CZ, s.r.o.
FileDescription: aswChLic component
FileVersion: 17.3.3443.0
InternalName: aswChLic
LegalCopyright: Copyright (C) 2014 AVG Technologies CZ, s.r.o.
OriginalFilename: aswChLic.exe
ProductName: AVG Internet Security System 
ProductVersion: 17.3.3443.0
Translation: 0x0009 0x04b0

Lazy.1327 (B) also known as:

BkavW32.AIDetect.malware1
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Lazy.1327
FireEyeGeneric.mg.a7a063ec3ae19bce
McAfeeGenericRXAA-AA!A7A063EC3AE1
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 0058a6f11 )
AlibabaTrojan:Win32/Obfuscator.e3e67930
K7GWTrojan ( 0058a6f11 )
CrowdStrikewin/malicious_confidence_100% (W)
CyrenW32/Dridex.GD.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.HEWP
APEXMalicious
Paloaltogeneric.ml
KasperskyUDS:Trojan.Win32.Generic
BitDefenderGen:Variant.Lazy.1327
AvastWin32:BotX-gen [Trj]
TencentTrojan.Win32.BitCoinMiner.la
Ad-AwareGen:Variant.Lazy.1327
SophosML/PE-A + Mal/EncPk-APV
DrWebTrojan.Dridex.735
TrendMicroTROJ_GEN.R002C0DKR21
McAfee-GW-EditionBehavesLike.Win32.Ransomware.tm
EmsisoftGen:Variant.Lazy.1327 (B)
IkarusTrojan.Win32.Crypt
GDataGen:Variant.Lazy.1327
JiangminTrojan.Generic.hduxv
AviraTR/AD.Dridex.kwfti
MAXmalware (ai score=80)
Antiy-AVLTrojan/Generic.ASMalwS.34CC446
GridinsoftRansom.Win32.Zbot.sa
MicrosoftTrojan:Win32/Obfuscator.RT!MTB
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.Obfuscator.R453017
BitDefenderThetaGen:NN.ZexaF.34294.dr0@a0LUmIdO
ALYacGen:Variant.Lazy.1327
VBA32BScope.Trojan-Spy.Zbot
MalwarebytesTrojan.Downloader
TrendMicro-HouseCallTROJ_GEN.R002C0DKR21
RisingTrojan.Kryptik!1.D606 (CLASSIC)
SentinelOneStatic AI – Malicious PE
FortinetW32/GenKryptik.FMFO!tr
AVGWin32:BotX-gen [Trj]
Cybereasonmalicious.869d94
PandaTrj/GdSda.A

How to remove Lazy.1327 (B)?

Lazy.1327 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment