Lazy.28164 malicious file

The Lazy.28164 file is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Lazy.28164 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Lazy.28164?

File Info:

name: 68835072230D278CF8E0.mlw
path: /opt/CAPEv2/storage/binaries/094e02adaec350467c8ca2e03a8b328e0939dd66bf1fe0d82856e4e3f1bf3c53
crc32: 71489E75
md5: 68835072230d278cf8e086e882c9c855
sha1: 31b803fb99ed6fe898e2e854dc98440290d3735c
sha256: 094e02adaec350467c8ca2e03a8b328e0939dd66bf1fe0d82856e4e3f1bf3c53
sha512: a24db701558f71a1033111c343b55dce9ba0a62dc8b4df80349665fd3e021212026008cfa4889408042aedd024e449bc33fad0722bc05d1303cec8cc0db47dbc
ssdeep: 24576:5p2silPBMIXGWClfuRcUGIJYK15QsMQZ:5p2sMO7VzUTJH15QYZ
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T17F453A21A7E98129F5F33B305CBA735459BA7D3A9E36D38E32A4940D5D31E80AC64733
sha3_384: 50a8ec8e7124725c085f107e2bb53a76538e5fc13b1c428764ed3b36cfb4a118dd1b6be0ee8a97768626d7c9b3b4398b
ep_bytes: e805000000e99c2fffff558bec83ec10
timestamp: 2019-03-04 22:00:37

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Visual Basic Command Line Compiler
FileVersion: 8.0.50727.9136
InternalName: vbc.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: vbc.exe
ProductName: Microsoft® Visual Studio® 2005
ProductVersion: 8.0.50727.9136
Translation: 0x0409 0x04b0

Note that this version resource presents the file as Microsoft's vbc.exe, while the behaviour summary above reports the Authenticode signature as invalid; the version metadata is therefore not evidence of a legitimate Microsoft binary.

Lazy.28164 also known as:

MicroWorld-eScan: Gen:Variant.Lazy.28164
FireEye: Generic.mg.68835072230d278c
McAfee: Artemis!68835072230D
Cylance: Unsafe
Zillya: Trojan.GenKryptik.Win32.111247
K7AntiVirus: Trojan ( 00571b961 )
Alibaba: Trojan:Win32/GenKryptik.3b9e4d62
K7GW: Trojan ( 00571b961 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/GenKryptik.EUQU
BitDefender: Gen:Variant.Lazy.28164
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Babar.Wptj
Ad-Aware: Gen:Variant.Lazy.28164
Emsisoft: Gen:Variant.Lazy.28164 (B)
McAfee-GW-Edition: BehavesLike.Win32.Injector.th
Sophos: Mal/Generic-S
GData: Gen:Variant.Lazy.28164
eGambit: Unsafe.AI_Score_95%
Avira: TR/Kryptik.cpwff
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.34D66C9
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
ALYac: Gen:Variant.Lazy.28164
Malwarebytes: Malware.AI.1729343150
Yandex: Trojan.GenKryptik!EIyTGpzSYHE
Ikarus: Trojan.Win32.Krypt
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/CoinMiner.3E08!tr
AVG: Win32:Trojan-gen
Cybereason: malicious.2230d2

How to remove Lazy.28164?

Lazy.28164 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.