Categories: Malware

Lazy.386542 removal

The Lazy.386542 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Lazy.386542 virus can do?

Behavioural detection: Executable code extraction – unpacking
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
Unconventionial language used in binary resources: Arabic (Qatar)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Lazy.386542?


File Info:
name: 93191B5E43C30736FB2B.mlwpath: /opt/CAPEv2/storage/binaries/7c4bc392745b923fa70bd5bdeef01767c56f7e678825ec453fcaea20ce92e7b3crc32: 2A796375md5: 93191b5e43c30736fb2bf40ea82a32d7sha1: 98947f96a9321bc037365692d3b543fba32bec77sha256: 7c4bc392745b923fa70bd5bdeef01767c56f7e678825ec453fcaea20ce92e7b3sha512: 9e4702eccbb6bed58fb388e888882a3e411dab10791aa1c4a0d5897245464054f26e6fe0aa40242bfaf3bdfb1e1d927d2ef5b2141e0d8cbfdd26821e91ddce4dssdeep: 6144:bIh3BP4ucuAZoZn4zYCX+hvf0A2AhQJE2UeGzWTOCbgVRNaO89dpVf9NG8Ow:bgVKWn4zYxL2Ah8RRGLfaO89TR3type: PE32 executable (console) Intel 80386, for MS Windowstlsh: T1B884D061B2CAC4B5F08201320DFDEAB61266FE74476311DBE3D5BB2A2DB12C5293571Bsha3_384: f8f5bf38932e558c7349d53231388b4866dedaedfb05c2ff74f2ea559718e610e65f68128bf2f1564917d23e90c93ef5ep_bytes: e8a50c0000e978feffff8b4df464890dtimestamp: 2020-02-04 15:32:26
Version Info:
CompanyName: Adobe Systems Inc.FileDescription: Adobe Create PDF plug-in listener for ChromeFileVersion: 20.6.20034.366983LegalCopyright: Copyright 1984-2020 Adobe Systems IncorporatedOriginalFilename: WCChromeNativeMessagingHost.exeProductName: Adobe Create PDFProductVersion: 20.6.20034.366983Translation: 0x0409 0x04b0

Lazy.386542 also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Lazy.386542
FireEye	Generic.mg.93191b5e43c30736
McAfee	GenericRXEB-KP!93191B5E43C3
CrowdStrike	win/malicious_confidence_90% (D)
ESET-NOD32	a variant of Win32/Patched.IP
Kaspersky	VHO:Trojan-Ransom.Win32.Convagent.gen
BitDefender	Gen:Variant.Lazy.386542
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Avast	Win32:TrojanX-gen [Trj]
Emsisoft	Gen:Variant.Lazy.386542 (B)
VIPRE	Gen:Variant.Lazy.386542
McAfee-GW-Edition	GenericRXEB-KP!93191B5E43C3
Trapmine	suspicious.low.ml.score
GData	Gen:Variant.Lazy.386542
MAX	malware (ai score=89)
Arcabit	Trojan.Lazy.D5E5EE
ZoneAlarm	VHO:Trojan-Ransom.Win32.Convagent.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
AhnLab-V3	Trojan/Win.KP.R603327
ALYac	Gen:Variant.Lazy.386542
Rising	Trojan.Generic@AI.86 (RDML:UQBsqzj1FK+YuczpR6Adbg)
AVG	Win32:TrojanX-gen [Trj]
DeepInstinct	MALICIOUS