Lazy.209552 information

Lazy.209552 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Lazy.209552 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Appears to use command line obfuscation
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Harvests credentials from local FTP client software
  • Uses suspicious command line tools or Windows utilities

How to identify Lazy.209552?

File Info:

name: A5A48DE9017CBFA81841.mlw
path: /opt/CAPEv2/storage/binaries/d6117ab116b19ad53ecc3c881eb9563d9eba399fbe137363b02ba7c00bac84a6
crc32: BB8E4D00
md5: a5a48de9017cbfa8184189d7003907c7
sha1: 473b16057154c7b5a15e6a39f34bc06a4704f73e
sha256: d6117ab116b19ad53ecc3c881eb9563d9eba399fbe137363b02ba7c00bac84a6
sha512: 54b21caea908bad241f7c1b2f47edfee1d1dfeca3da108887cd262038f7f68d7ca9417ce5de214e2433445e6ed313e8e22e081cecd5bda2b39003c5917096d41
ssdeep: 1536:bj7SZdcNrwGIKradeM60YFDXYZXFkMf8m2bd6D6cvDI44JyILRmYM7:bj7S/MwGIQM60mYdyv2feLIYM7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AB93BF06F3DE2E10D2B514BE604FABB6D494AC279C32E251D77E0703D5B4F1077A266A
sha3_384: f4d903f84e3cd3a7f88313b5dc44e168b8b78ea8a05b36e0fcf34df22563e6802ea146db44b13567d2ae7cf3a88ce6d2
ep_bytes: 60be002045018dbe00f0fafe5783cdff
timestamp: 1993-04-29 11:18:52

Version Info:

CompanyName: Mozilla Foundation
FileDescription: Legacy Database Driver
FileVersion: 3.12.9.0 Basic ECC
InternalName: nssdbm3
OriginalFilename: nssdbm3.dll
ProductName: Network Security Services
ProductVersion: 3.12.9.0 Basic ECC
Translation: 0x0409 0x04b0

Lazy.209552 also known as:

Lionic: Trojan.Win32.Dapato.b!c
DrWeb: Trojan.PWS.Multi.36
MicroWorld-eScan: Gen:Variant.Lazy.209552
FireEye: Generic.mg.a5a48de9017cbfa8
McAfee: Artemis!A5A48DE9017C
Cylance: Unsafe
VIPRE: Gen:Variant.Razy.45609
Sangfor: Suspicious.Win32.Save.a
Alibaba: TrojanPSW:Win32/Codtree.4253804a
Cybereason: malicious.9017cb
BitDefenderTheta: Gen:NN.ZexaF.34606.fmKfaOnVy4n
Cyren: W32/Bredolab.AW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Kryptik.BCVA
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Lazy.209552
NANO-Antivirus: Trojan.Win32.Codtree.eknsr
SUPERAntiSpyware: Trojan.Agent/Gen-FakeAV[Zbot]
Avast: FileRepMalware [Trj]
Tencent: Win32.Trojan-dropper.Dapato.Lnea
Ad-Aware: Gen:Variant.Lazy.209552
Emsisoft: Gen:Variant.Lazy.209552 (B)
Comodo: Malware@#q1dwdg402qc3
Zillya: Trojan.Kryptik.Win32.92911
McAfee-GW-Edition: PWS-Zbot.gen.axj
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Troj/Agent-RNY
Webroot: W32.Trojan.Dapato.Gen
Google: Detected
Avira: TR/Crypt.ULPM.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.35
Microsoft: PWS:Win32/Vigorf.A
GData: Gen:Variant.Lazy.209552
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/FakeAV53.Gen
VBA32: BScope.Trojan.Zbot.01367
ALYac: Gen:Variant.Lazy.209552
Malwarebytes: Malware.Heuristic.1003
Rising: Trojan.Bulta!8.35D (CLOUD)
Yandex: Trojan.Kryptik!kwS1EAcaT4w
Ikarus: Trojan-Downloader.Win32.Dapato
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/PETPacked.D!tr
AVG: FileRepMalware [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Lazy.209552?

Lazy.209552 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.