How to remove “Lazy.238420”?

The Lazy.238420 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Lazy.238420 virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Lazy.238420?


File Info:
name: CC72735E80266BB71F3B.mlw
path: /opt/CAPEv2/storage/binaries/5512327c7b2fb5df4806bc89381b0cf6e052e78328a0c81934898088ab2fa4f9
crc32: 251B0001
md5: cc72735e80266bb71f3bdc546ced707b
sha1: 11338f4112c2e31e0ed257e9e7a9da0b46ce0b11
sha256: 5512327c7b2fb5df4806bc89381b0cf6e052e78328a0c81934898088ab2fa4f9
sha512: c4372cb6fc1fe1b8e1c3ce342dc1ad7948fc4914a61158a835fc7f37b04299d8c965cd76053e33e8df01d509c30aca6e252f9b652b88e8e90a1a3aa400e5d4d7
ssdeep: 24576:HrYiIN48Trl04+41js4qkQI4HvG7qeYhM4G:wrl04+2TB4X/LG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12C358D207DF1B172DCE220F546ECF966C16DE5B00B3687C782C496EED620AC16F36696
sha3_384: 0aaaeff651bbb0afb7d77127122d70e7680cfbdd2456af27eafe02f8b13995da1c230c5caca4a50216e1ba1bfda3c16d
ep_bytes: e93e710300e994d80400e933f60300e9
timestamp: 2022-08-29 05:31:00

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Device driver software installation
FileVersion: 5.2.3668.0
InternalName: NDAdmin.EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: NDAdmin.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.2.3668.0
Translation: 0x0409 0x04b0

Lazy.238420 also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (moderate confidence)
MicroWorld-eScan	Gen:Variant.Lazy.238420
FireEye	Gen:Variant.Lazy.238420
Cylance	Unsafe
VIPRE	Gen:Variant.Midie.116037
Cyren	W32/Kryptik.HKD.gen!Eldorado
ESET-NOD32	a variant of Win32/GenKryptik_AGen.KJ
Kaspersky	HEUR:Backdoor.Win32.Mokes.gen
BitDefender	Gen:Variant.Lazy.238420
Avast	Win32:Trojan-gen
Ad-Aware	Gen:Variant.Midie.116037
Emsisoft	Gen:Variant.Lazy.238420 (B)
DrWeb	Trojan.DownLoader45.13429
Ikarus	Trojan.Win32.RedlineStealer
GData	Gen:Variant.Lazy.238420
Google	Detected
MAX	malware (ai score=87)
Arcabit	Trojan.Midie.D1C545
ZoneAlarm	HEUR:Backdoor.Win32.Mokes.gen
Microsoft	Trojan:Win32/Sabsik.RD.A!ml
AhnLab-V3	Trojan/Win.CrypterX-gen.R512779
VBA32	BScope.TrojanSpy.Bobik
ALYac	Gen:Variant.Midie.116037
Malwarebytes	Trojan.SmokeLoader
Rising	Backdoor.Mokes!8.619 (TFE:5:S0nMDSQTT0C)
AVG	Win32:Trojan-gen

How to remove Lazy.238420?

Lazy.238420 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X