Categories: Malware

Lazy.14248 removal

The Lazy.14248 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Lazy.14248 virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Collects and encrypts information about the computer likely to send to C2 server
Collects information about installed applications
CAPE detected the DridexV4 malware family
Attempts to modify proxy settings
Anomalous binary characteristics

How to determine Lazy.14248?


File Info:
name: 79CECECB8151D51E3D13.mlwpath: /opt/CAPEv2/storage/binaries/2e6eeed82b9b0496899a132e569ee96d36b859843231da011608dc1affe067f5crc32: A68F097Bmd5: 79cececb8151d51e3d13307268ffc439sha1: 096ca5dfdd9bb17458e4bc4060389bb8a07c4ed1sha256: 2e6eeed82b9b0496899a132e569ee96d36b859843231da011608dc1affe067f5sha512: 25f5a29211ba5880688e860bbb7231bec0e026ba2a12470b523d581802df6a59f4f1188489a8220cf3608635dd93c58e88dfee257d3df16de9c21ea18673b32essdeep: 3072:yzNU4XTCC4/Ky1XDEPz2XGnj2MqUDcE79OD9AxZIaKMaRKerCJQYp4:yWiT+/Ktz2XGj2wwEeaSas8uyQtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1EBF3126ACBCE10AADE17B43020423076196695A2D3ECDAFBFB1009C5F1778CB5477B22sha3_384: 87ef2b5667dde5275620454cc5f23463ff3c4ccce16475d8902c9bb409cd3702bbfee1d1d443bcacaea9ac863211c178ep_bytes: e82bedffffcccccccccccccccccccccctimestamp: 2021-11-05 09:13:21
Version Info:
Translation: 0x0000 0x04b0CompanyName: Citrix Systems, Inc.FileDescription: CredentialsFileVersion: 2.60.7.00000InternalName: Ennentwaett.resources.dllLegalCopyright: Copyright © 1990-2017 Citrix Systems, Inc. All rights reserved.OriginalFilename: Ennentwaett.resources.dllProductName: Ennent AettrtttProductVersion: 2.60.7.00000Assembly Version: 4.12.0.18013

Lazy.14248 also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Win32.Zenpak.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Lazy.14248
FireEye	Generic.mg.79cececb8151d51e
McAfee	Artemis!79CECECB8151
Cylance	Unsafe
K7AntiVirus	Trojan ( 005485311 )
K7GW	Trojan ( 005485311 )
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	Packed.Generic.553
ESET-NOD32	a variant of Win32/Kryptik.HNMT
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan.Win32.Zenpak.biqr
BitDefender	Gen:Variant.Lazy.14248
Avast	Win32:CrypterX-gen [Trj]
Tencent	Win32.Trojan.Zenpak.Akpq
Ad-Aware	Gen:Variant.Lazy.14248
Sophos	ML/PE-A + Mal/EncPk-APX
TrendMicro	TROJ_GEN.R002C0RKR21
Emsisoft	Gen:Variant.Lazy.14248 (B)
Jiangmin	Trojan.Zenpak.jcf
Avira	HEUR/AGEN.1128370
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Generic.ASMalwS.34DA55A
Gridinsoft	Ransom.Win32.Sabsik.sa
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ViRobot	Trojan.Win32.Z.Lazy.172032.A
GData	Gen:Variant.Lazy.14248
Cynet	Malicious (score: 100)
BitDefenderTheta	Gen:NN.ZexaF.34084.ky0@a8@UZS
ALYac	Gen:Variant.Lazy.14248
VBA32	TScope.Malware-Cryptor.SB
Malwarebytes	Trojan.Crypt
TrendMicro-HouseCall	TROJ_GEN.R002C0RKR21
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:CrypterX-gen [Trj]
Cybereason	malicious.fdd9bb
Panda	Trj/GdSda.A