Categories: Malware

Lazy.1327 (B) removal tips

The Lazy.1327 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Lazy.1327 (B) virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Guard pages use detected – possible anti-debugging.
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Arabic (Iraq)
Authenticode signature is invalid
Collects and encrypts information about the computer likely to send to C2 server
Collects information about installed applications
CAPE detected the DridexLoader malware family
Attempts to modify proxy settings

How to determine Lazy.1327 (B)?


File Info:
name: A7A063EC3AE19BCE43C7.mlwpath: /opt/CAPEv2/storage/binaries/4ba12185abd8fa4f7dff87d5b9e57049f3caed935485914b525a8f201e3e9290crc32: 55A1B16Bmd5: a7a063ec3ae19bce43c7a3f3b38fcb78sha1: db5c808869d94fc7141c10491805a83a1467f37bsha256: 4ba12185abd8fa4f7dff87d5b9e57049f3caed935485914b525a8f201e3e9290sha512: 15feb0af3e4eefb1e72b5959206eb2bcc1f1b1d75be0aa29781fbc708ee11941640663d6a49eb7d9068f371375b4407957f6ac9a9b20370cd2dd1c84e4cc1283ssdeep: 12288:Sh8VWwkjZvPgkPTn3n3n3n3n3n3n3LFPMdV4Fgw:K86pPrJkdV4Kwtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1F5351238FDAC5BE7E5494AB280537AB26BFEF4101771C1A35FC684175E043E26DA3622sha3_384: 5e16113ea55639f7234af00471ac8db98dd8135f83301e9d26047b46865cd3a793c8c40e1e5767ea34385b49eb91c1d7ep_bytes: 558bec83ec10c745fc00000000c745f8timestamp: 2021-11-24 07:18:19
Version Info:
CompanyName: AVG Technologies CZ, s.r.o.FileDescription: aswChLic componentFileVersion: 17.3.3443.0InternalName: aswChLicLegalCopyright: Copyright (C) 2014 AVG Technologies CZ, s.r.o.OriginalFilename: aswChLic.exeProductName: AVG Internet Security System ProductVersion: 17.3.3443.0Translation: 0x0009 0x04b0

Lazy.1327 (B) also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Lazy.1327
FireEye	Generic.mg.a7a063ec3ae19bce
McAfee	GenericRXAA-AA!A7A063EC3AE1
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0058a6f11 )
Alibaba	Trojan:Win32/Obfuscator.e3e67930
K7GW	Trojan ( 0058a6f11 )
CrowdStrike	win/malicious_confidence_100% (W)
Cyren	W32/Dridex.GD.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HEWP
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:Trojan.Win32.Generic
BitDefender	Gen:Variant.Lazy.1327
Avast	Win32:BotX-gen [Trj]
Tencent	Trojan.Win32.BitCoinMiner.la
Ad-Aware	Gen:Variant.Lazy.1327
Sophos	ML/PE-A + Mal/EncPk-APV
DrWeb	Trojan.Dridex.735
TrendMicro	TROJ_GEN.R002C0DKR21
McAfee-GW-Edition	BehavesLike.Win32.Ransomware.tm
Emsisoft	Gen:Variant.Lazy.1327 (B)
Ikarus	Trojan.Win32.Crypt
GData	Gen:Variant.Lazy.1327
Jiangmin	Trojan.Generic.hduxv
Avira	TR/AD.Dridex.kwfti
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Generic.ASMalwS.34CC446
Gridinsoft	Ransom.Win32.Zbot.sa
Microsoft	Trojan:Win32/Obfuscator.RT!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Obfuscator.R453017
BitDefenderTheta	Gen:NN.ZexaF.34294.dr0@a0LUmIdO
ALYac	Gen:Variant.Lazy.1327
VBA32	BScope.Trojan-Spy.Zbot
Malwarebytes	Trojan.Downloader
TrendMicro-HouseCall	TROJ_GEN.R002C0DKR21
Rising	Trojan.Kryptik!1.D606 (CLASSIC)
SentinelOne	Static AI – Malicious PE
Fortinet	W32/GenKryptik.FMFO!tr
AVG	Win32:BotX-gen [Trj]
Cybereason	malicious.869d94
Panda	Trj/GdSda.A