Lazy.386542 removal

Lazy.386542 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Lazy.386542 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Arabic (Qatar)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Lazy.386542?

File Info:

name: 93191B5E43C30736FB2B.mlw
path: /opt/CAPEv2/storage/binaries/7c4bc392745b923fa70bd5bdeef01767c56f7e678825ec453fcaea20ce92e7b3
crc32: 2A796375
md5: 93191b5e43c30736fb2bf40ea82a32d7
sha1: 98947f96a9321bc037365692d3b543fba32bec77
sha256: 7c4bc392745b923fa70bd5bdeef01767c56f7e678825ec453fcaea20ce92e7b3
sha512: 9e4702eccbb6bed58fb388e888882a3e411dab10791aa1c4a0d5897245464054f26e6fe0aa40242bfaf3bdfb1e1d927d2ef5b2141e0d8cbfdd26821e91ddce4d
ssdeep: 6144:bIh3BP4ucuAZoZn4zYCX+hvf0A2AhQJE2UeGzWTOCbgVRNaO89dpVf9NG8Ow:bgVKWn4zYxL2Ah8RRGLfaO89TR3
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1B884D061B2CAC4B5F08201320DFDEAB61266FE74476311DBE3D5BB2A2DB12C5293571B
sha3_384: f8f5bf38932e558c7349d53231388b4866dedaedfb05c2ff74f2ea559718e610e65f68128bf2f1564917d23e90c93ef5
ep_bytes: e8a50c0000e978feffff8b4df464890d
timestamp: 2020-02-04 15:32:26

Version Info:

CompanyName: Adobe Systems Inc.
FileDescription: Adobe Create PDF plug-in listener for Chrome
FileVersion: 20.6.20034.366983
LegalCopyright: Copyright 1984-2020 Adobe Systems Incorporated
OriginalFilename: WCChromeNativeMessagingHost.exe
ProductName: Adobe Create PDF
ProductVersion: 20.6.20034.366983
Translation: 0x0409 0x04b0

Lazy.386542 also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Lazy.386542
FireEye: Generic.mg.93191b5e43c30736
McAfee: GenericRXEB-KP!93191B5E43C3
CrowdStrike: win/malicious_confidence_90% (D)
ESET-NOD32: a variant of Win32/Patched.IP
Kaspersky: VHO:Trojan-Ransom.Win32.Convagent.gen
BitDefender: Gen:Variant.Lazy.386542
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:TrojanX-gen [Trj]
Emsisoft: Gen:Variant.Lazy.386542 (B)
VIPRE: Gen:Variant.Lazy.386542
McAfee-GW-Edition: GenericRXEB-KP!93191B5E43C3
Trapmine: suspicious.low.ml.score
GData: Gen:Variant.Lazy.386542
MAX: malware (ai score=89)
Arcabit: Trojan.Lazy.D5E5EE
ZoneAlarm: VHO:Trojan-Ransom.Win32.Convagent.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Trojan/Win.KP.R603327
ALYac: Gen:Variant.Lazy.386542
Rising: Trojan.Generic@AI.86 (RDML:UQBsqzj1FK+YuczpR6Adbg)
AVG: Win32:TrojanX-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Lazy.386542?

Lazy.386542 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.