Categories: Malware

Lazy.328293 (file analysis)

The Lazy.328293 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Lazy.328293 virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Attempts to modify proxy settings
Creates a copy of itself
Deletes executed files from disk
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Lazy.328293?


File Info:
name: 1795D9FF3825F44A4700.mlwpath: /opt/CAPEv2/storage/binaries/f4cc604953f4f6bcd69da796158e1761891baed2d2f80aa90e24a6e96772c798crc32: 79995B9Dmd5: 1795d9ff3825f44a4700fe82837ae795sha1: 40c4e6967c3dadb5589fcd085237ddd8d86f5d87sha256: f4cc604953f4f6bcd69da796158e1761891baed2d2f80aa90e24a6e96772c798sha512: 3d281f86e3ad1435547a80aa1776b651d35bad51fd99aad273648bf497009cb99f6e89104bbb80a08cf43cd771ffd21d84ad7d02adfd34072ec594e2003c2eb8ssdeep: 24576:0/nhF7YR3aH8WUTH1CYn2+t+dVbUXIMa/ZSC77Jh7:qnhF7qbZ5CYn2+oVbUXIMgl77type: PE32 executable (console) Intel 80386, for MS Windowstlsh: T16B25CF4C2B207443D18A927679AFC7B8A181D83D7A97DFB870D0B9A73D623D1709267Csha3_384: bad042094b0e6deac5d3de23ebf71a84e9cb42cbe0c5a3a1b50e817e4a628caaf35fe9d9d59012c92cea8ee54c003a72ep_bytes: fddd66d5adb4e252a855ebc32a1f8379timestamp: 1971-05-16 00:00:00
Version Info:
0: [No Data]

Lazy.328293 also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Lazy.328293
Skyhigh	BehavesLike.Win32.Picsys.dc
McAfee	Trojan-FVOQ!1795D9FF3825
Cylance	unsafe
Zillya	Trojan.Kryptik.Win32.1481908
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005a45ef1 )
K7GW	Trojan ( 005a15b21 )
Cybereason	malicious.67c3da
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Kryptik_AGen.BGD
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Packed.Razy-9836307-0
Kaspersky	VHO:Trojan.Win32.Khalesi.gen
BitDefender	Gen:Variant.Lazy.328293
NANO-Antivirus	Trojan.Win32.Kryptik.fhkhqo
Avast	Win32:Evo-gen [Trj]
Tencent	Trojan.Win32.Selfmod.ka
Sophos	Troj/Agent-BFEY
F-Secure	Heuristic.HEUR/AGEN.1369103
DrWeb	Trojan.Packed2.41883
VIPRE	Gen:Variant.Lazy.328293
Emsisoft	Gen:Variant.Lazy.328293 (B)
Ikarus	Trojan.Win32.Glupteba
Jiangmin	Trojan.Generic.dcetw
Avira	HEUR/AGEN.1369103
Antiy-AVL	Trojan/Win32.Kryptik.gify
Kingsoft	malware.kb.a.779
Microsoft	Trojan:Win32/Cerber.MPI!MTB
Xcitium	TrojWare.Win32.Kryptik.TLS@812zm8
Arcabit	Trojan.Lazy.D50265
ZoneAlarm	VHO:Trojan.Win32.Khalesi.gen
GData	Win32.Trojan.PSE.1B28NHU
Varist	W32/Trojan.MJSE-7842
AhnLab-V3	Packed/Win.FJB.R621241
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.36680.78Z@aGR3Qvf
TACHYON	Trojan/W32.Selfmod
VBA32	Trojan.Copak
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/Genetic.gen
Rising	Trojan.Kryptik!1.B34D (CLASSIC)
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Kryptik.GIFQ!tr
AVG	Win32:Evo-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)