Categories: Malware

Should I remove “Lazy.215809”?

The Lazy.215809 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Lazy.215809 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Arabic
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Lazy.215809?



File Info:

name: 00D49A6A3CC540E5A743.mlwpath: /opt/CAPEv2/storage/binaries/43653fe35f3e75755855682bff227045076e9da124cc79c1fdc97f41820a552acrc32: 45E456B7md5: 00d49a6a3cc540e5a743b190723241a6sha1: fe37b707a27ac5034b1cd30fe794c72d4a728ebbsha256: 43653fe35f3e75755855682bff227045076e9da124cc79c1fdc97f41820a552asha512: 93b0256616e1d988c6330367d1ad464b2c4304ec919eb7f3bda7058807b4ba3cdb34bc6a1a864562cf7a301d3a1b1a9a59dbf02fe8d067f0efe1fbc897964978ssdeep: 6144:0+5b1XqLm6WvLyQ9FkWH81o0k0imsuFssuOdmIBjZKOxRGV:bXqAR9FF8+0k/CVuGmIBjgOxGtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12364235EF2E579AAD4FB07BE33527BB32906B9A81B1141F497B00AEC0551CF1562930Fsha3_384: 754396e7c5db3d1b602fbe7393fc043ba1416c5dde1489e4a5fcc7c9da480cda63ef62beea6cb601acc503eef27e06d5ep_bytes: 558bec81ec04010000b85699000083e8timestamp: 2012-04-23 09:29:21

Version Info:

CompanyName: Mocrosuft CorporationFileDescription: Mocrosuft Visual Studio 2010FileVersion: 1.9.43074.5121 built by: SP1RelInternalName: devenv.exeLegalCopyright: © Mocrosuft Corporation. All rights reserved.OriginalFilename: devenv.exeProductName: Mocrosuft® Visual Studio® 2010ProductVersion: 1.9.43074.5121Translation: 0x0409 0x04b0

Lazy.215809 also known as:

Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
DrWeb Trojan.Siggen6.15132
MicroWorld-eScan Gen:Variant.Lazy.215809
FireEye Generic.mg.00d49a6a3cc540e5
CAT-QuickHeal FraudTool.Security
McAfee PWSZbot-FBTA!00D49A6A3CC5
Cylance Unsafe
Zillya Trojan.Zbot.Win32.158613
Sangfor Infostealer.Win32.Zbot.mt
K7AntiVirus Riskware ( 0040eff71 )
K7GW Riskware ( 0040eff71 )
Cybereason malicious.a3cc54
BitDefenderTheta Gen:NN.ZexaF.34606.uy1@ayGh51gG
VirIT Trojan.Win32.SHeur4.BXEI
Cyren W32/A-d1ad9250!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/Spy.Zbot.ABA
APEX Malicious
ClamAV Win.Trojan.Agent-1135228
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Lazy.215809
NANO-Antivirus Trojan.Win32.Zbot.dbnazh
SUPERAntiSpyware Trojan.Agent/Gen-FalComp
Avast Win32:Kryptik-OEU [Trj]
Tencent Malware.Win32.Gencirc.10b696a7
Ad-Aware Gen:Variant.Lazy.215809
TACHYON Trojan-Spy/W32.ZBot.332997
Sophos ML/PE-A + Troj/Zbot-IPP
Comodo TrojWare.Win32.Yakes.FDVN@5bypt7
Baidu Win32.Trojan.Kryptik.je
VIPRE Gen:Variant.Lazy.215809
TrendMicro TSPY_ZBOT.SMJC1
McAfee-GW-Edition PWSZbot-FBTA!00D49A6A3CC5
Trapmine malicious.high.ml.score
Emsisoft Gen:Variant.Lazy.215809 (B)
SentinelOne Static AI – Malicious PE
GData Gen:Variant.Lazy.215809
Jiangmin Trojan-Spy.Win32.Zbot.ak
Google Detected
Avira TR/Crypt.XPACK.Gen7
Antiy-AVL Trojan/Generic.ASMalwS.31
Arcabit Trojan.Lazy.D34B01
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft PWS:Win32/Zbot
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Necurs.R109444
VBA32 TrojanPSW.Zbot
ALYac Gen:Variant.Lazy.215809
MAX malware (ai score=84)
Malwarebytes Trojan.Zbot.Gen
TrendMicro-HouseCall TSPY_ZBOT.SMJC1
Rising Malware.Undefined!8.C (TFE:2:d89ren5Ecj)
Yandex TrojanSpy.Zbot!VFu81jas3tA
Ikarus Trojan.Crypt.XPACK7
Fortinet W32/Kryptik.CGEJ!tr
AVG Win32:Kryptik-OEU [Trj]
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (D)

How to remove Lazy.215809?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: devenv.exeLazy.215809
2 years ago

Recent Posts

Application.Generic.3678684 malicious file

The Application.Generic.3678684 is considered dangerous by lots of security experts. When this infection is active,…

48 mins ago

Malware.AI.1560801952 malicious file

The Malware.AI.1560801952 is considered dangerous by lots of security experts. When this infection is active,…

3 hours ago

Malware.AI.3778280684 removal tips

The Malware.AI.3778280684 is considered dangerous by lots of security experts. When this infection is active,…

3 hours ago

Should I remove “Jalapeno.777”?

The Jalapeno.777 is considered dangerous by lots of security experts. When this infection is active,…

3 hours ago

MSIL/Kryptik.ALMH (file analysis)

The MSIL/Kryptik.ALMH is considered dangerous by lots of security experts. When this infection is active,…

3 hours ago

Should I remove “Trojan.Win32.Agent.xbmkrx”?

The Trojan.Win32.Agent.xbmkrx is considered dangerous by lots of security experts. When this infection is active,…

3 hours ago