How to remove “Lazy.135021”?

Lazy.135021 is considered dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Lazy.135021 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A named pipe was used for inter-process communication
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Detects the presence of Wine emulator via function name
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Behavioural detection: Transacted Hollowing
  • Created a process from a suspicious location
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Lazy.135021?

File Info:

name: E6DEF69B338C7D5B8A72.mlw
path: /opt/CAPEv2/storage/binaries/4b035b5e67210629299edb5dce18cc38ceff83289c3257572959ed4294e68fe8
crc32: 2C7EEE24
md5: e6def69b338c7d5b8a729cd2eac2417b
sha1: 490ad03600024cf61adb332b1d2e63b675a4c7d0
sha256: 4b035b5e67210629299edb5dce18cc38ceff83289c3257572959ed4294e68fe8
sha512: 4d975fb1f2a0ef40e5ad7021bbba75901f38d005a03a0b3f6a720f87c936805b851d4f29e5448e13c836bf27b73ed79b0d59c0f08acb532c3a37122e71b5d345
ssdeep: 24576:6YVhXJoLmkZoJSFTnIx5OYMyzSUR8HTaYqg+ScPR:FKZ3FBKeU+HTpqg+ScPR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E43533614BBC12D9E0A0C379F7C90DF6499F096ED9C0635D37E9A70E4C4E0AE9C9B129
sha3_384: 7632ab6f25f4475a3342599b1d7e033b716f81ec6329db57df3ea451e4b158607ba81dba89904fe5c0fbdfb4a5cac10f
ep_bytes: 558bec83e4f881ec101b000053555657
timestamp: 2020-01-24 23:56:17

Version Info:

CompanyName: NCH Software
FileDescription: PicoPDF PDF Editor
FileVersion: 3.31+
ProductVersion: 3.31+
ProductName: PicoPDF
LegalCopyright: NCH Software
InternalName: PicoPDF
OriginalFilename: PicoPDF.exe
Translation: 0x0c09 0x04b0

Lazy.135021 also known as (vendor – detection name):

  • MicroWorld-eScan – Gen:Variant.Lazy.135021
  • FireEye – Gen:Variant.Lazy.135021
  • Kaspersky – VHO:Trojan-Ransom.Win32.Blocker.gen
  • BitDefender – Gen:Variant.Lazy.135021
  • Avast – FileRepMalware [Misc]
  • Ad-Aware – Gen:Variant.Lazy.135021
  • Emsisoft – Gen:Variant.Lazy.135021 (B)
  • Trapmine – malicious.moderate.ml.score
  • GData – Gen:Variant.Lazy.135021
  • Arcabit – Trojan.Lazy.D20F6D
  • ALYac – Gen:Variant.Lazy.135021
  • Cylance – Unsafe
  • APEX – Malicious
  • MAX – malware (ai score=85)
  • Fortinet – PossibleThreat.MU
  • AVG – FileRepMalware [Misc]
  • Cybereason – malicious.b338c7

How to remove Lazy.135021?

Lazy.135021 removal tool:

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.