
How to remove “Lazy.359443”?


Lazy.359443 is the Gen:Variant.Lazy.359443 detection name that several vendors listed further down assign to a sample the CAPE sandbox classifies as the MetaStealer family and that Microsoft, AhnLab and VBA32 flag as RedLine, both of them credential stealers. When the infection is active you may notice unfamiliar processes in the Task Manager list. If so, scan the computer with GridinSoft Anti-Malware.


Removing malware manually can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it lets you run a full scan and clean the PC during the trial period.
6-day free trial available.

What can Lazy.359443 do?

The indicators below are the behavioural signatures raised by the CAPE sandbox run of this sample; each describes something observed during execution, not a separate verdict.

  • Behavioural detection: executable code extraction (unpacking)
  • A file was accessed within the Public folder
  • Sample contains overlay data
  • Presents an Authenticode digital signature
  • Uses Windows utilities for basic functionality
  • HTTPS URLs observed in behaviour
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • CAPE detected the MetaStealer malware family
  • Attempts to identify installed AV products by installation directory
  • Binary file triggered a YARA rule
  • Attempts to modify proxy settings
  • Appears to use command line obfuscation
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
  • YARA detections observed in process dumps, payloads or dropped files

Two of these belong together: the file carries an Authenticode signature, but that signature does not verify, so the signing is cosmetic and must not be treated as a trust anchor. The scheduled task, the proxy change and the self-deletion are the points to check on an affected host, because the dropped payload can persist after the original file has removed itself. CAPE classes the payload as MetaStealer, which is commonly described as a RedLine derivative, and the vendor names below largely agree on a credential stealer, so assume that passwords and session data saved in browsers on the machine were targeted.

How to identify Lazy.359443?

The reliable identifiers are the hashes below. The header timestamp is zeroed (1970-01-01), and the version resource is unconvincing: a misspelled company name, random-looking InternalName and ProductName strings, and a Comments field that simply asserts “This is a legitimate application.” None of that metadata should be used to trust the file, and the signature it carries does not validate.

File Info:

name: C18C0260D2AB41BDDB5D.mlw
path: /opt/CAPEv2/storage/binaries/958e8b061a61a24c98288b472e133ce2581f705185b8ce7e7fb8d6f5ff25bc83
crc32: A522ED1E
md5: c18c0260d2ab41bddb5d3d77b8d4cb51
sha1: 7630fb4c84e62a955241d9774958bd295ef0ecf2
sha256: 958e8b061a61a24c98288b472e133ce2581f705185b8ce7e7fb8d6f5ff25bc83
sha512: e22d164d8d74722bcde95b6c67f420c193dfa82f3b20d7cc81fb5aaea611206e700f3e93fb60d82ff72e5b145a8f8ba0209534996d3dfbdaf0eb1bbaa8b6cf23
ssdeep: 49152:WvzIXOV8B3IKS7PbB4gkbTknQHoEaCG+YMsOuztORieqM/hG3O84uR3V59xTvKrt:2TkUSQnREyfjLLw/hG3F7tbLQGm
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T16016015960AEAEAFD93430752BEC1553F9ADA475171F0D0022C2EDEFD8ACD80F29189D
sha3_384: 195a94afc1e67996e5ee41b8645e9a99cf9f879b8ce35a1b2a3520ece5a8f57b48becce8b3248a73e46e033f3b17be0f
ep_bytes: e8e2020000e974feffff558bec83ec0c
timestamp: 1970-01-01 00:00:00
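To tie a file on disk to this report, the practical check is to compute its hashes and compare them with the File Info above, then read the PE header fields the behavioural findings rest on (link timestamp, section names, overlay, signature directory). The script below is an added example written against the Python standard library; it is not GridinSoft's or CAPE's code. The toy PE it builds is constructed here to reproduce the reported traits (zeroed timestamp, a non-standard section name, data past the last section, a security directory) so the parser can be exercised offline; it is not the real sample and is not executable code.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Hashes copied from the File Info table above (the CAPE report for this sample).
KNOWN_HASHES = {
    "md5": "c18c0260d2ab41bddb5d3d77b8d4cb51",
    "sha1": "7630fb4c84e62a955241d9774958bd295ef0ecf2",
    "sha256": "958e8b061a61a24c98288b472e133ce2581f705185b8ce7e7fb8d6f5ff25bc83",
}

# Section names a stock MSVC/MinGW link step produces; anything else deserves a look
# (the report flags "an unknown PE section name indicative of packing").
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".pdata", ".tls", ".bss", ".CRT", ".textbss"}

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot that locates the Authenticode blob


def hash_bytes(data: bytes) -> dict:
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def matches_known_sample(data: bytes) -> bool:
    """True only if every listed digest matches; a single mismatch means a different file."""
    digests = hash_bytes(data)
    return all(digests[algo] == value for algo, value in KNOWN_HASHES.items())


def parse_pe(data: bytes) -> dict:
    """Extract the header fields the report relies on. Presence of a security directory
    is not validity: checking the chain needs signtool or Get-AuthenticodeSignature."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # The data directory array starts 96 bytes into a PE32 optional header, 112 for PE32+.
    dir_base = opt + (96 if magic == 0x10B else 112)
    sec_off, sec_size = struct.unpack_from("<II", data, dir_base + IMAGE_DIRECTORY_ENTRY_SECURITY * 8)

    sections, end_of_last_section = [], 0
    for i in range(nsections):
        hdr = opt + opt_size + i * 40
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, hdr)
        sections.append(name.rstrip(b"\0").decode("latin-1"))
        end_of_last_section = max(end_of_last_section, raw_ptr + raw_size)

    overlay = max(0, len(data) - end_of_last_section)  # bytes no section maps; packers and signatures live here
    return {
        "machine": hex(machine),
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "timestamp_zeroed": timestamp == 0,
        "sections": sections,
        "unusual_sections": [s for s in sections if s not in COMMON_SECTIONS],
        "overlay_bytes": overlay,
        "authenticode_present": sec_size > 0 and sec_off + sec_size <= len(data),
    }


def build_toy_pe() -> bytes:
    """Constructed PE32 (not the real sample) with a zeroed timestamp, a made-up section
    name, 0x100 bytes of overlay and a security directory pointing into that overlay."""
    nsections, opt_size, file_align = 2, 96 + 16 * 8, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, nsections, 0, 0, 0, opt_size, 0x0102)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x600, 0x100)
    optional = struct.pack("<H", 0x10B) + b"\0" * (96 - 2) + b"".join(struct.pack("<II", *d) for d in dirs)
    sect_hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name, 0x200, rva, 0x200, raw, 0, 0, 0, 0, flags)
        for name, rva, raw, flags in ((b".text", 0x1000, 0x200, 0x60000020),
                                      (b".x9kq", 0x2000, 0x400, 0xE0000040)))
    headers = dos + coff + optional + sect_hdrs
    headers += b"\0" * (file_align - len(headers) % file_align)
    return headers + b"\xCC" * 0x200 + b"\x00" * 0x200 + b"\x30\x82" + b"\0" * 0xFE


if __name__ == "__main__":
    sample = build_toy_pe()
    print("matches report hashes:", matches_known_sample(sample))
    for key, value in parse_pe(sample).items():
        print(f"{key:>22}: {value}")
```

Run it against a suspect file by replacing `build_toy_pe()` with the file's bytes; a hash match is conclusive, while a zeroed timestamp, odd section names and a large overlay are only the same kind of hints the sandbox reported and still need the signature check done with a real verifier.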

Version Info:

Comments: This is a legitimate application.
CompanyName: Wissol Petreleum Georgia
FileDescription: Wissol Petreleum Georgia Product
FileVersion: 877
InternalName: RP8fe8cSwLZr
LegalCopyright: © Wissol Petreleum Georgia All rights reserved.
LegalTrademarks: © Wissol Petreleum Georgia Trademarks
OriginalFilename: e0K1FNp8.exe
ProductName: GLl8Lox6pF
ProductVersion: 877
Translation: 0x0407 0x04b0

Lazy.359443 also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Stealer.12!c
AVG: Win32:PWSX-gen [Trj]
MicroWorld-eScan: Gen:Variant.Lazy.359443
FireEye: Gen:Variant.Lazy.359443
CAT-QuickHeal: Trojan.GenericPMF.S30424795
Skyhigh: GenericRXWF-GF!C18C0260D2AB
McAfee: GenericRXWF-GF!C18C0260D2AB
Malwarebytes: Trojan.MalPack
VIPRE: Gen:Variant.Lazy.359443
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005a7ab71 )
Alibaba: TrojanSpy:Win32/Stealer.f164c2f1
K7GW: Trojan ( 005a7ab71 )
Cybereason: malicious.0d2ab4
VirIT: Trojan.Win32.Genus.RVD
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HTZZ
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Malware.Dacic-10006009-0
Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.pef
BitDefender: Gen:Variant.Lazy.359443
NANO-Antivirus: Trojan.Win32.Stealer.jyhasl
Avast: Win32:PWSX-gen [Trj]
Tencent: Trojan-Spy.Win32.Stealer.16000708
Emsisoft: Gen:Variant.Lazy.359443 (B)
F-Secure: Heuristic.HEUR/AGEN.1364952
Zillya: Trojan.Stealer.Win32.132903
TrendMicro: TROJ_GEN.R002C0DBN24
Trapmine: malicious.high.ml.score
Sophos: Troj/Krypt-AAI
SentinelOne: Static AI – Malicious PE
Varist: W32/Kryptik.KDE.gen!Eldorado
Avira: HEUR/AGEN.1364952
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Win32.GenKryptik
Kingsoft: Win32.Trojan-Spy.Stealer.pef
Microsoft: Trojan:Win32/Redlinestealer!ic
Xcitium: Malware@#k56dsryiyszj
Arcabit: Trojan.Lazy.D57C13
ZoneAlarm: HEUR:Trojan-Spy.Win32.Stealer.pef
GData: Win32.Trojan.Kryptik.TI
Google: Detected
AhnLab-V3: Trojan/Win.REDLINESTEALER.R589955
VBA32: TrojanPSW.RedLine
ALYac: Gen:Variant.Lazy.359443
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002C0DBN24
Rising: Trojan.ShellCodeRunner!1.E830 (CLASSIC)
Ikarus: Trojan.Agent
Fortinet: W32/GenKryptik.GLDD!tr
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)
alibabacloud: Malware

How to remove Lazy.359443?

Lazy.359443 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

After the scan, open Task Scheduler and look for a task you did not create (the sample uses a scheduled task to persist), and confirm the system proxy settings are back to what you expect. Because the payload is a credential stealer, change any passwords that were saved in browsers on the machine and sign out of active web sessions once the system is clean.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.