Lazy.26520 malicious file

The Lazy.26520 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Lazy.26520 virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Lazy.26520?


File Info:
name: 5A4A5A0472F6E9F7AE5D.mlw
path: /opt/CAPEv2/storage/binaries/3f52abc202810f3c7bf67e85289b6ac69ceb6fbe930ef490ad66d2abea82e960
crc32: 1A692C54
md5: 5a4a5a0472f6e9f7ae5de12ae4969c7e
sha1: 782968b84fe684efa6d8fb0b63028a7fc24ea417
sha256: 3f52abc202810f3c7bf67e85289b6ac69ceb6fbe930ef490ad66d2abea82e960
sha512: 0f0bdb0de277e931f3f2225553d0cb8ccf67280b98c3b8a47a42e3f5f7adf11e4829749d9f8cf86cb2b19495a83f066059c155c3f0a8e73d8c7324a71d20b450
ssdeep: 196608:diEgIoIVyjbvqyj0KZJozwkV2+0aDueCUAYStFz394fsmYVIVgB32QNk:d+lIVyjmyYzMkLDueCaSDWfsmY6ON2Q
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T168F6330B644E5442FCE29FBD79DE81ED790D67A7E04DA89EA46C834842275C3D688FF0
sha3_384: dc72965325566939943cd60ecd7ba9b7826f7fcd9fc70f27ec4c78b14b834084ff308de0cb6adc3b5dbba2c4df2e10db
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-09-27 03:17:08

Version Info:
Translation: 0x0000 0x04b0
FileDescription: Steam
FileVersion: 7.52.39.57
InternalName: steam.exe
LegalCopyright: Copyright (C) 2021 Valve Corporation
OriginalFilename: steam.exe
ProductName: Steam
ProductVersion: 01.00.00.02
Assembly Version: 0.0.0.0

Lazy.26520 also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Lazy.26520
CAT-QuickHeal	Trojan.Generic.TRFH451
ALYac	Gen:Variant.Lazy.26520
Cylance	Unsafe
VIPRE	Gen:Variant.Lazy.26520
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
Cyren	W32/MSIL_Troj.BLZ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.ADGR
APEX	Malicious
Kaspersky	HEUR:Backdoor.MSIL.Crysan.gen
BitDefender	Gen:Variant.Lazy.26520
Avast	Win32:DropperX-gen [Drp]
Ad-Aware	Gen:Variant.Lazy.26520
Emsisoft	Gen:Variant.Lazy.26520 (B)
DrWeb	Trojan.PackedNET.1560
McAfee-GW-Edition	BehavesLike.Win32.Generic.wh
FireEye	Generic.mg.5a4a5a0472f6e9f7
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Lazy.26520
Google	Detected
Avira	TR/Dropper.MSIL.Gen
MAX	malware (ai score=80)
Arcabit	Trojan.Lazy.D6798
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Generic.C4637806
Acronis	suspicious
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:WaJrkU7tL9CtrAAFnjewLw)
Ikarus	Trojan.MSIL.Krypt
Fortinet	MSIL/GenKryptik.FKHW!tr
BitDefenderTheta	Gen:NN.ZemsilF.34682.@p0@aWuJpge
AVG	Win32:DropperX-gen [Drp]
Cybereason	malicious.84fe68

How to remove Lazy.26520?

Lazy.26520 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X