Categories: Malware

Should I remove “Lazy.317291”?

The Lazy.317291 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Lazy.317291 virus can do?

Uses Windows utilities for basic functionality
Drops a binary and executes it
Authenticode signature is invalid
A ping command was executed with the -n argument possibly to delay analysis
Appears to use command line obfuscation
Creates a copy of itself
Deletes executed files from disk
Adds itself to the Safe Mode boot to ensure its start
Collects information to fingerprint the system
Uses suspicious command line tools or Windows utilities
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Lazy.317291?


File Info:
name: B482A6C2AD1361F4AD7A.mlwpath: /opt/CAPEv2/storage/binaries/61782e571d09517b2943eb906db917139c841edf63119adc9983142e64e1424acrc32: C1FF5465md5: b482a6c2ad1361f4ad7ae6205141080esha1: b88a578227fc0583aef6e884fbefe216bd693e8bsha256: 61782e571d09517b2943eb906db917139c841edf63119adc9983142e64e1424asha512: 6181faa9e7adfcc94f062310fbef67f251f549dbf2d1a510a18b0cba4c60793358e0563b9bacf271fc857cda00f54ffe4bd1451c1709314c39647d040a4db75assdeep: 768:O0cr3xNg6Aut4bE0nvNS5ZHcWh+UNj07wbLwM6jHBB9D3xfjL2x4xC7g8QcrMn:ZWpAjHIHcO+UNS8GBx3xb6x4l8QcQntype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T17A036B16ABF10036F9F31A71A9745826EFBBFC215436D41F87800E6E1970981CE38727sha3_384: 807929a384d01307cb6d2608230bfa1b626563038600b76142b34c229a6e8ade03cc43f8b071d37df0746e56b124e79bep_bytes: 558bec83e4f881ec8400000053568b35timestamp: 2022-11-23 08:52:56
Version Info:
CompanyName: Microsoft CorporationFileDescription: Takes ownership of a fileFileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)InternalName: takeown.exeLegalCopyright: © Microsoft Corporation. All rights reserved.OriginalFilename: takeown.exeProductName: Microsoft® Windows® Operating SystemProductVersion: 6.1.7601.17514Translation: 0x0409 0x04b0

Lazy.317291 also known as:

Bkav	W32.AIDetectMalware
MicroWorld-eScan	Gen:Variant.Lazy.317291
FireEye	Generic.mg.b482a6c2ad1361f4
Skyhigh	BehavesLike.Win32.PWSOnlineGames.nh
ALYac	Gen:Variant.Lazy.317291
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Gen:Variant.Lazy.317291
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005770c21 )
BitDefender	Gen:Variant.Lazy.317291
K7GW	Trojan ( 005770c21 )
Cybereason	malicious.227fc0
BitDefenderTheta	AI:Packer.9CE6053720
VirIT	Trojan.Win32.Agent.DOWA
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Agent.UOL
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.SelfDel.pef
NANO-Antivirus	Trojan.Win32.Staser.jupmlf
Tencent	Malware.Win32.Gencirc.10bbc797
F-Secure	Heuristic.HEUR/AGEN.1306154
DrWeb	Trojan.MulDrop18.6162
Zillya	Trojan.Staser.Win32.11261
Trapmine	malicious.moderate.ml.score
Emsisoft	Gen:Variant.Lazy.317291 (B)
Ikarus	Trojan.Win32.Agent
Jiangmin	Trojan.Staser.ius
Avira	HEUR/AGEN.1306154
Antiy-AVL	Trojan/Win32.Agent
Kingsoft	malware.kb.a.999
Arcabit	Trojan.Lazy.D4D76B
ZoneAlarm	HEUR:Trojan.Win32.SelfDel.pef
GData	Win32.Trojan.PSE.HROHBV
Varist	W32/Agent.DEO.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R562137
McAfee	GenericRXAA-FA!B482A6C2AD13
MAX	malware (ai score=80)
DeepInstinct	MALICIOUS
VBA32	BScope.Trojan.Mucc
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Backdoor.IPCShell!1.DE91 (CLASSIC)
Yandex	Trojan.Staser!Ax50vOs96EI
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Agent.UOL!tr
AVG	Win32:TrojanX-gen [Trj]
Avast	Win32:TrojanX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (D)