How to remove “Lazy.211948”?

Lazy.211948 (full detection name Gen:Variant.Lazy.211948) is a generic name assigned by the BitDefender engine, which several other vendors license; for this particular sample other engines, including the CAPE sandbox and Microsoft, report the Cerber ransomware family (see the list of alternative names below). When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan the computer with GridinSoft Anti-Malware.


Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version can run a full scan and clean the PC.
A 6-day free trial is available.

What can Lazy.211948 do?

The items below are the CAPE sandbox signatures that fired when the sample was detonated. Taken together (invalid Authenticode signature, a ping-based delay, wallet access, system fingerprinting and a Cerber family match) they are consistent with ransomware, not with the Microsoft “Word Converter” the file claims to be.

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • CAPE detected the Cerber malware family
  • Attempts to access Bitcoin/ALTCoin wallets
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
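The ping-based delay and the use of Windows utilities noted above are detectable from process-creation telemetry (Sysmon event 1, EDR process events). The following is an added example, not code from the page, from CAPE or from GridinSoft: it scans constructed log lines in a simplified one-line format (timestamp, parent image, command line) and flags `ping -n` against the loopback address, raising the severity when the ping is chained with `del`/`erase`, the usual delay-then-self-delete idiom. The log lines are made up for the example and are not telemetry from this sample.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed process-creation telemetry (not captured from the real sample).
SAMPLE_LOG = r"""
2017-03-06T12:50:01Z parent=C:\Users\victim\A77DBCACED1A433F684E.exe cmd=cmd.exe /c ping 127.0.0.1 -n 10 > nul & del /f "C:\Users\victim\A77DBCACED1A433F684E.exe"
2017-03-06T12:50:02Z parent=C:\Windows\System32\cmd.exe cmd=ping 127.0.0.1 -n 10
2017-03-06T12:51:00Z parent=C:\Windows\explorer.exe cmd=ping -n 4 fileserver.corp.local
2017-03-06T12:52:00Z parent=C:\Windows\System32\cmd.exe cmd=ping -n 1 -w 200 127.0.0.1 && erase /q C:\Temp\stage2.tmp
2017-03-06T12:53:00Z parent=C:\Windows\explorer.exe cmd=notepad.exe C:\notes.txt
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+parent=(?P<parent>.+?)\s+cmd=(?P<cmd>.+)$")
# The ping verb itself (optionally ping.exe), not a substring such as "mapping".
PING_RE = re.compile(r"(?<![\w\\])ping(?:\.exe)?\b", re.IGNORECASE)
CHAIN_RE = re.compile(r"\s*(?:&&?|\|\|?|;)\s*")              # cmd.exe command separators
COUNT_RE = re.compile(r"(?:^|\s)-n\s+(\d+)", re.IGNORECASE)    # -n <echo count>
LOOPBACK_RE = re.compile(r"127\.0\.0\.1|(?<![\w.])localhost\b|(?<![\w:])::1\b", re.IGNORECASE)
DELETE_RE = re.compile(r"(?:^|\s)(?:del|erase)\b", re.IGNORECASE)


@dataclass
class Finding:
    timestamp: str
    parent: str
    severity: str
    ping_count: int
    reason: str


def classify_command(cmd: str) -> Optional[tuple]:
    """Return (severity, ping_count, reason) for a suspicious ping, else None."""
    m = PING_RE.search(cmd)
    if not m:
        return None
    # Split the ping's own arguments from whatever is chained after it.
    parts = CHAIN_RE.split(cmd[m.end():], maxsplit=1)
    ping_args, chained = parts[0], (parts[1] if len(parts) > 1 else "")
    count = COUNT_RE.search(ping_args)
    if not count:
        return None  # default echo count, no tunable delay
    if not LOOPBACK_RE.search(ping_args):
        return None  # pinging a real host is ordinary connectivity checking
    n = int(count.group(1))
    if DELETE_RE.search(chained):
        return ("high", n, "ping -n against loopback chained with del/erase: delay-then-self-delete")
    return ("medium", n, "ping -n against loopback used as a sleep to delay execution or analysis")


def scan_log(text: str) -> List[Finding]:
    """Parse the one-line log format and return every suspicious ping invocation."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or unparseable line
        verdict = classify_command(m["cmd"])
        if verdict:
            sev, n, why = verdict
            findings.append(Finding(m["ts"], m["parent"], sev, n, why))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.timestamp} [{f.severity.upper()}] n={f.ping_count} parent={f.parent}: {f.reason}")
```

Pings to real hosts are deliberately ignored; the pattern worth alerting on is a loopback ping with an explicit `-n`, because the only thing that achieves is a delay, and a `del` chained behind it means the process is erasing its own dropper.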

How to identify Lazy.211948?

File Info:

name: A77DBCACED1A433F684E.mlw
path: /opt/CAPEv2/storage/binaries/44cced878c6555c3b52aae3aa7009d1acfbd29366f93b66990669e73d27544f5
crc32: 26A7BA53
md5: a77dbcaced1a433f684ec97d6afade32
sha1: 0a03db7e1491673792a4e0b3f6a1c1109ee58b87
sha256: 44cced878c6555c3b52aae3aa7009d1acfbd29366f93b66990669e73d27544f5
sha512: 7eef0f21603b333c1ae6bbb6a818560120671d1c0a1f990b28e0ce8c87cb32d34a5a51ce176fac0eea2e2bed94ab8d56c6d457095839741215e40fcb68384ed2
ssdeep: 6144:ZdyqcoXKbVY3nmgbrSJQgkiGXmN8TQptqKQG:moXWVlgbrkurS0oss
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FA645BF573EF63FEDDFD42F0F40924278218F54CE8EACA86579009AE2966393C521642
sha3_384: 933eb769d9fb74cf8a3c10492bb80aaaf067ba8c0c2b11ca5fca53fb91bfe2028974567431d37ae2d07c47d1277d8478
ep_bytes: 558bec83ec18578b45f88b4df8d3e889
timestamp: 2017-03-06 12:48:03 (PE header compile time; trivially forged, so treat it as a weak indicator)

Version Info (resource metadata claiming to be Microsoft's WordConv.exe; since the Authenticode signature is reported invalid above, this metadata is spoofed):

CompanyName: Microsoft Corporation
FileDescription: Word Converter
FileVersion: 12.0.6500.5000
InternalName: WordConv
LegalCopyright: © 2006 Microsoft Corporation. All rights reserved.
LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename: WordConv.exe
ProductName: 2007 Microsoft Office system
ProductVersion: 12.0.6500.5000
Translation: 0x0409 0x04e4
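To check a suspect file against the File Info above, a triage script should reproduce the same fields: the file hashes and CRC32, the file type, the PE header compile timestamp and the first bytes at the entry point (`ep_bytes`). The following is an added example using only the Python standard library; it is not code from the page, from CAPE or from GridinSoft. Because it avoids third-party libraries it does not compute ssdeep or TLSH and does not parse the version-info resource. The input is a constructed minimal PE32 image built in memory by `build_minimal_pe` (an assumption made for the example, not the real sample), so the hashes will not match the indicators but the entry-point bytes and timestamp will.

```python
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info section above.
IOC_HASHES = {
    "md5": "a77dbcaced1a433f684ec97d6afade32",
    "sha1": "0a03db7e1491673792a4e0b3f6a1c1109ee58b87",
    "sha256": "44cced878c6555c3b52aae3aa7009d1acfbd29366f93b66990669e73d27544f5",
}
IOC_EP_BYTES = "558bec83ec18578b45f88b4df8d3e889"
IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B


def rva_to_offset(rva, sections):
    """Map a virtual address to a file offset via the section table."""
    for _, vsize, va, rawsize, rawptr in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    return None


def parse_pe(data: bytes) -> dict:
    """Read the COFF/optional headers and the 16 bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsections):  # each section header is 40 bytes
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, va, rawsize, rawptr))
    ep_off = rva_to_offset(entry_rva, sections)
    ep_bytes = data[ep_off:ep_off + 16].hex() if ep_off is not None else ""
    bits = "PE32" if magic == PE32_MAGIC else "PE32+"
    sub = {2: "GUI", 3: "console"}.get(subsystem, f"subsystem {subsystem}")
    arch = {0x14C: "Intel 80386", 0x8664: "x86-64"}.get(machine, f"machine 0x{machine:x}")
    return {
        "type": f"{bits} executable ({sub}) {arch}",
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": entry_rva,
        "ep_bytes": ep_bytes,
        "sections": [s[0] for s in sections],
    }


def file_hashes(data: bytes) -> dict:
    h = {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256", "sha512")}
    h["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"
    return h


def triage(data: bytes) -> dict:
    """Header facts plus which of the listed indicators the file matches."""
    info = parse_pe(data)
    info["hashes"] = file_hashes(data)
    info["hash_matches"] = {k for k, v in IOC_HASHES.items() if info["hashes"][k] == v}
    info["ep_bytes_match"] = info["ep_bytes"] == IOC_EP_BYTES
    return info


def build_minimal_pe(timestamp: int, entry_code: bytes) -> bytes:
    """Constructed stand-in for the sample: a well-formed PE32 with one .text section."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                       # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, IMAGE_FILE_MACHINE_I386, 1, timestamp, 0, 0, 224, 0x0102)
    opt = 0x58
    struct.pack_into("<H", img, opt, PE32_MAGIC)
    struct.pack_into("<I", img, opt + 16, 0x1000)                 # AddressOfEntryPoint
    struct.pack_into("<I", img, opt + 28, 0x400000)               # ImageBase
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)         # Section/FileAlignment
    struct.pack_into("<H", img, opt + 68, 2)                      # Subsystem: Windows GUI
    struct.pack_into("<8sIIIIIIHHI", img, opt + 224, b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    img[0x200:0x200 + len(entry_code)] = entry_code               # .text raw data at 0x200
    return bytes(img)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(1488804483, bytes.fromhex(IOC_EP_BYTES))
    for k, v in triage(blob).items():
        print(f"{k}: {v}")
```

Hash matches identify this exact file only; `ep_bytes` and the section layout survive trivial re-hashing (an appended byte) but not a re-pack, and the compile timestamp is attacker-controlled, so the three tiers carry decreasing weight.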

Lazy.211948 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Lazy.211948
FireEye: Generic.mg.a77dbcaced1a433f
CAT-QuickHeal: Ransom.Cerber.A4
McAfee: Ransomware-GCQ!A77DBCACED1A
Cylance: Unsafe
VIPRE: Gen:Variant.Lazy.211948
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005224381 )
K7GW: Trojan ( 005224381 )
Cybereason: malicious.ced1a4
Baidu: Win32.Trojan.Kryptik.ayf
Cyren: W32/Zbot.JC.gen!Eldorado
Symantec: Packed.Generic.459
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.FZOQ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Lazy.211948
NANO-Antivirus: Trojan.Win32.Kryptik.evgoqq
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Generic.Lmun
Ad-Aware: Gen:Variant.Lazy.211948
Emsisoft: Gen:Variant.Lazy.211948 (B)
Comodo: TrojWare.Win32.Ransom.Cerber.FJ@6wjqwh
TrendMicro: Ransom_HPCERBER.SMALY5A
McAfee-GW-Edition: BehavesLike.Win32.Trickbot.fh
Trapmine: malicious.moderate.ml.score
Sophos: ML/PE-A + Mal/Cerber-B
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Lazy.211948
Google: Detected
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.3303
Arcabit: Trojan.Lazy.D33BEC
Microsoft: Ransom:Win32/Cerber.J
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Cerber.Exp
BitDefenderTheta: AI:Packer.24DE4C7A1F
ALYac: Gen:Variant.Lazy.211948
VBA32: Trojan.Encoder
TrendMicro-HouseCall: Ransom_HPCERBER.SMALY5A
Rising: Trojan.Kryptik!1.AE9C (CLASSIC)
Fortinet: W32/Kryptik.HGZD!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)
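The list shows why “Lazy.211948” is a poor name for the threat: it is repeated by every vendor that ships the BitDefender engine, while the family name that matters, Cerber, comes from independent engines. The following is an added example, not code from the page or from any vendor, of deriving a consensus family from such labels by token voting (a simplified form of the idea behind tools like AVClass). It works on a subset of the labels above; the stop-list of generic and heuristic tokens and the grouping of MicroWorld-eScan, VIPRE, Ad-Aware, Emsisoft, GData, ALYac and Arcabit under the BitDefender engine are assumptions made for the example.

```python
import re
from collections import Counter
from typing import Dict, Optional, Set

# Subset of the vendor labels listed above (vendor -> detection name).
LABELS = {
    "BitDefender": "Gen:Variant.Lazy.211948", "MicroWorld-eScan": "Gen:Variant.Lazy.211948",
    "VIPRE": "Gen:Variant.Lazy.211948", "Ad-Aware": "Gen:Variant.Lazy.211948",
    "Emsisoft": "Gen:Variant.Lazy.211948 (B)", "GData": "Gen:Variant.Lazy.211948",
    "ALYac": "Gen:Variant.Lazy.211948", "Arcabit": "Trojan.Lazy.D33BEC",
    "Microsoft": "Ransom:Win32/Cerber.J", "CAT-QuickHeal": "Ransom.Cerber.A4",
    "Comodo": "TrojWare.Win32.Ransom.Cerber.FJ@6wjqwh", "Sophos": "ML/PE-A + Mal/Cerber-B",
    "AhnLab-V3": "Win-Trojan/Cerber.Exp", "TrendMicro": "Ransom_HPCERBER.SMALY5A",
    "ESET-NOD32": "a variant of Win32/Kryptik.FZOQ", "Fortinet": "W32/Kryptik.HGZD!tr",
    "Rising": "Trojan.Kryptik!1.AE9C (CLASSIC)", "NANO-Antivirus": "Trojan.Win32.Kryptik.evgoqq",
    "Baidu": "Win32.Trojan.Kryptik.ayf", "Cyren": "W32/Zbot.JC.gen!Eldorado",
    "McAfee-GW-Edition": "BehavesLike.Win32.Trickbot.fh", "Kaspersky": "HEUR:Trojan.Win32.Generic",
    "Avast": "Win32:Malware-gen", "Symantec": "Packed.Generic.459",
    "McAfee": "Ransomware-GCQ!A77DBCACED1A",
}

# Assumption: these vendors license the BitDefender engine, so their votes are one vote.
ENGINE_OF = {v: "BitDefender" for v in
             ("MicroWorld-eScan", "VIPRE", "Ad-Aware", "Emsisoft", "GData", "ALYac", "Arcabit")}

# Assumption: tokens that describe a category, platform or heuristic rather than a family.
# "kryptik" is treated as a packer/obfuscation heuristic, not a family name.
STOP = {"trojan", "trojware", "win32", "win", "w32", "generic", "malware", "malicious",
        "variant", "ransom", "ransomware", "packed", "heur", "behaveslike", "unsafe",
        "kryptik", "classic", "eldorado"}


def tokens(label: str) -> Set[str]:
    """Candidate family tokens: lowercase, no digits (variant ids, hashes), >= 4 chars, not generic."""
    out = set()
    for t in re.split(r"[^a-z0-9]+", label.lower()):
        if t and len(t) >= 4 and t not in STOP and not any(c.isdigit() for c in t):
            out.add(t)
    return out


def family_votes(labels: Dict[str, str], collapse_engines: bool) -> Counter:
    """Count how many engines (or vendors, if not collapsing) mention each token."""
    per_engine: Dict[str, Set[str]] = {}
    for vendor, label in labels.items():
        engine = ENGINE_OF.get(vendor, vendor) if collapse_engines else vendor
        per_engine.setdefault(engine, set()).update(tokens(label))
    votes = Counter()
    for toks in per_engine.values():
        votes.update(toks)
    return votes


def consensus_family(labels: Dict[str, str], min_support: int = 2) -> Optional[str]:
    """Top token after engine collapsing, or None if no token has enough support."""
    top = family_votes(labels, collapse_engines=True).most_common(1)
    return top[0][0] if top and top[0][1] >= min_support else None


if __name__ == "__main__":
    print("per vendor:", family_votes(LABELS, False).most_common(3))
    print("per engine:", family_votes(LABELS, True).most_common(3))
    print("consensus:", consensus_family(LABELS))
```

Counting per vendor, “lazy” wins outright; collapsing the engine rebrands to one vote leaves it with a single supporter and “cerber” on top. The leftover one-off tokens (variant suffixes such as `fzoq` or `hgzd`) never reach the support threshold, so they do not need to be filtered explicitly.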

How to remove Lazy.211948?

Lazy.211948 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
