About “Lazy.209403” infection

Lazy.209403 is flagged as malicious by the large majority of antivirus engines listed below. The sample is a UPX-packed fake-antivirus (rogue) trojan whose version resources impersonate BitDefender. When the infection is active you may notice unfamiliar processes in the Task Manager process list; in that case, scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually can take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for virus removal: it can run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Lazy.209403 virus do?

The CAPE sandbox raised the following static and behavioural signatures on the sample:

  • Behavioural detection: executable code extraction (unpacking)
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Enumerates physical drives
  • Attempted to write directly to a physical drive
  • Attempts to modify proxy settings
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Lazy.209403

File Info:

name: 7CAC27B55DEED6DE7615.mlw
path: /opt/CAPEv2/storage/binaries/dc9bf8ad3f3eb7828da52b7618d647d1343ea6e0a3d87aee2b1527f192ea3617
crc32: 3413EA18
md5: 7cac27b55deed6de761575342f8e5906
sha1: fd2e4ae76d31e0fbf746042c0ecfd96dd6f74e1d
sha256: dc9bf8ad3f3eb7828da52b7618d647d1343ea6e0a3d87aee2b1527f192ea3617
sha512: faf8170bc1fa1ad7ee0387ded7830217b926cd0d8ee982bdc6bd1f1d5e66f3aac2be672b6d344659ec365196dbe00a0e979b5df8b634ce5fd34f1b0835f3a163
ssdeep: 12288:wpoh8gdi8kh4resie5dAfnG1G3RsxgI9WUEuLh0T7awgCLShIX9ZfXxwghAMdjzV:WSKjhXsNdC3RhuLGT9TvljzyE8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14E053384EA9BA05DE38BCFF54C24D6F4070BC276E3A9F6C5A5547D1C236BF86412B920
sha3_384: d804dd682ed67016f0ea8e789ee5d8d1e87ab4286c2d15641c0b54e88f0fae5911652c88c9adb0759c2a41ce61c3a7bc
ep_bytes: 60be008094008dbe0090abffc7875cda
timestamp: 2011-06-05 01:53:46
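
A way to check a suspect file against the indicators above, as an added example that is not code from the original page, from CAPE or from GridinSoft. It parses the PE headers with only the Python standard library, computes the MD5 and SHA-256, decodes the compile timestamp, lists section names (UPX0/UPX1 mark a UPX-packed file, and names outside the usual linker set are the "unknown PE section name" signal from the list above), and reads the first 16 bytes at the entry point to compare with ep_bytes; the pushad / mov esi / lea edi sequence at the start of those bytes is the opening of the classic UPX unpacking stub. The synthetic PE returned by build_constructed_sample() is constructed test input, not the real sample; pass a file path on the command line to run the checks against a real file.

```python
"""Static triage of a PE file against the indicators listed on this page.
Added example (not code from the page, CAPE or GridinSoft), standard library only.
Hashes, timestamp and entry-point bytes are copied from File Info above;
build_constructed_sample() is synthetic test input, NOT the real binary."""
import hashlib
import struct
from datetime import datetime, timezone

KNOWN_MD5 = "7cac27b55deed6de761575342f8e5906"
KNOWN_SHA256 = "dc9bf8ad3f3eb7828da52b7618d647d1343ea6e0a3d87aee2b1527f192ea3617"
KNOWN_TIMESTAMP = 1307238826  # 2011-06-05 01:53:46 UTC (the page's "timestamp")
# First 16 bytes at the entry point: 60 = pushad, BE imm32 = mov esi, imm32,
# 8D BE disp32 = lea edi, [esi+disp32]: the opening of the classic UPX unpacking stub.
KNOWN_EP_BYTES = bytes.fromhex("60be008094008dbe0090abffc7875cda")
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
# Names a normal MSVC/GCC link produces; anything else is the "unknown PE section name" signal.
COMMON_SECTION_NAMES = {b".text", b".rdata", b".data", b".rsrc", b".reloc",
                        b".idata", b".edata", b".bss", b".tls", b".pdata", b".CRT"}


def parse_pe(data):
    """Return (timestamp, entry_rva, sections); each section is
    (name, virtual_address, virtual_size, raw_pointer, raw_size)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    timestamp = struct.unpack_from("<I", data, coff + 4)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + i * 40                     # 40-byte IMAGE_SECTION_HEADER
        name = data[off:off + 8].rstrip(b"\0")
        vsize, va, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, va, vsize, rptr, rsize))
    return timestamp, entry_rva, sections


def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset via the section table."""
    for _name, va, vsize, rptr, rsize in sections:
        if va <= rva < va + max(vsize, rsize):
            return rptr + (rva - va)
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def triage(data):
    """Compare one PE image with the page's indicators; returns a report dict."""
    timestamp, entry_rva, sections = parse_pe(data)
    names = [s[0] for s in sections]
    ep_off = rva_to_offset(entry_rva, sections)
    ep_bytes = bytes(data[ep_off:ep_off + 16])
    md5, sha256 = hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()
    return {
        "md5": md5,
        "sha256": sha256,
        "hash_matches_page": md5 == KNOWN_MD5 or sha256 == KNOWN_SHA256,
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "timestamp_matches_page": timestamp == KNOWN_TIMESTAMP,
        "section_names": [n.decode("ascii", "replace") for n in names],
        "upx_packed": any(n in UPX_SECTION_NAMES for n in names),
        "unknown_sections": [n.decode("ascii", "replace") for n in names
                             if n not in COMMON_SECTION_NAMES | UPX_SECTION_NAMES],
        "ep_bytes": ep_bytes.hex(),
        "ep_matches_page": ep_bytes == KNOWN_EP_BYTES,
    }


def build_constructed_sample():
    """Synthetic PE32 with a UPX-style layout and the page's entry-point bytes (constructed input)."""
    data = bytearray(0x600)
    data[0:2] = b"MZ"
    struct.pack_into("<I", data, 0x3C, 0x40)                       # e_lfanew
    data[0x40:0x44] = b"PE\0\0"
    # Machine i386, 3 sections, timestamp, no symbols, optional header 0xE0, EXECUTABLE|32BIT
    struct.pack_into("<HHIIIHH", data, 0x44, 0x14C, 3, KNOWN_TIMESTAMP, 0, 0, 0xE0, 0x102)
    struct.pack_into("<H", data, 0x58, 0x10B)                      # PE32 magic
    struct.pack_into("<I", data, 0x58 + 16, 0x9010)                # AddressOfEntryPoint in UPX1
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData); UPX0 has no raw data
    layout = [(b"UPX0", 0x8000, 0x1000, 0, 0x200),
              (b"UPX1", 0x1000, 0x9000, 0x200, 0x200),
              (b".rsrc", 0x200, 0xA000, 0x200, 0x400)]
    for i, (name, vsize, va, rsize, rptr) in enumerate(layout):
        off = 0x138 + i * 40                                       # section table follows the optional header
        data[off:off + len(name)] = name
        struct.pack_into("<IIII", data, off + 8, vsize, va, rsize, rptr)
    data[0x210:0x210 + 16] = KNOWN_EP_BYTES                        # RVA 0x9010 -> file offset 0x210
    return bytes(data)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_sample()
    for key, value in triage(blob).items():
        print("%-24s %s" % (key, value))
```

On the constructed sample the section and entry-point checks fire while the hash check does not, which is the expected outcome for any repacked or trimmed variant: hashes identify one exact file, whereas the UPX section layout and stub prologue survive trivial changes. Treat the entry-point match as a packer indicator, not as proof that a file is this specific sample.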

Version Info:

The version resource claims to be a BitDefender component, but the InternalName and OriginalFilename are random-looking strings and the Authenticode signature is invalid: the sample impersonates security software rather than belonging to it.

CompanyName: BitDefender
FileDescription: BitDefender Core
FileVersion: 9.9.1.0
InternalName: Krvihe.exe
LegalCopyright: (C) B Software
OriginalFilename: Iligp.exe
ProductName: Kboh
ProductVersion: 9.9.1.0
Translation: 0x001b 0x04b0

Lazy.209403 is also known as (vendor: detection name):

Lionic: Trojan.Win32.FakeAV.lrR4
Elastic: malicious (moderate confidence)
DrWeb: Trojan.AVKill.6306
MicroWorld-eScan: Gen:Variant.Lazy.209403
Skyhigh: FakeAV-SysDef.a
McAfee: FakeAV-SysDef.a
Cylance: unsafe
VIPRE: Gen:Variant.Lazy.209403
K7AntiVirus: Trojan ( 0028a9fd1 )
Alibaba: Trojan:Win32/Kryptik.5109b21a
K7GW: Trojan ( 0028a9fd1 )
CrowdStrike: win/malicious_confidence_70% (D)
BitDefenderTheta: Gen:NN.ZexaF.36744.1mKfam6gCAcc
VirIT: Trojan.Win32.AVKill.JIO
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.ORC
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Lazy.209403
NANO-Antivirus: Trojan.Win32.FakeAV.djtbz
Avast: Win32:FakeAlert-BAP [Trj]
Tencent: Win32.Trojan.Generic.Hmnw
Emsisoft: Gen:Variant.Lazy.209403 (B)
F-Secure: Trojan.TR/Dropper.Gen
Zillya: Trojan.FakeAV.Win32.93880
TrendMicro: TROJ_FAKEAV.SMCT
FireEye: Generic.mg.7cac27b55deed6de
Sophos: Mal/FakeAV-NI
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Lazy.209403
Webroot: W32.Rogue.Gen
Google: Detected
Avira: TR/Dropper.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.AGeneric
Xcitium: Malware@#33jlr1qffjzhb
Arcabit: Trojan.Lazy.D331FB
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Ditertag.A
Varist: W32/Ransom.O.gen!Eldorado
AhnLab-V3: Trojan/Win32.FakeAV.R6803
VBA32: SScope.Malware-Cryptor.01499
ALYac: Gen:Variant.Lazy.209403
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_FAKEAV.SMCT
Rising: Adware.FakeRean!8.1340B (TFE:5:l91u8ftBneH)
Yandex: Trojan.FakeAV!uyK50OaJSpE
Ikarus: Trojan.Win32.FakeAV
MaxSecure: Trojan.Malware.2294168.susgen
Fortinet: W32/Kryptik.MGT!tr
AVG: Win32:FakeAlert-BAP [Trj]
DeepInstinct: MALICIOUS

How to remove Lazy.209403?

Lazy.209403 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
