Lazy.388432 (file analysis)

Malware Removal

Lazy.388432 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Lazy.388432 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Lazy.388432?

File Info:

name: 5008DF575EC08A6FB7D3.mlw
path: /opt/CAPEv2/storage/binaries/233ec2449ec6432b98d3488dab458ae3ea60624f925d8e0438a08929f88b98b6
crc32: 86A9EB14
md5: 5008df575ec08a6fb7d32005e3e2a680
sha1: c0b96ec2b92ba777d7434ce4b846023b8b179929
sha256: 233ec2449ec6432b98d3488dab458ae3ea60624f925d8e0438a08929f88b98b6
sha512: 418f42fc3e404bfe527e6f4d610f5d02b32ecbb216eebbb11fe6c73b8e463ce54f98c3fc05ef5a3289b827c0a5fd4713053f63917a99908470b7c4bc4ce5610c
ssdeep: 98304:92UzUnaIWOHueVSPZVykF5HsJUPYBkZglCnnqUE40fiDfnlrV:O7V0Vy45M4gEnqN4iijnl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A2668D317C86C169E251007159A9BFF5819CDC364BB208C77AC46F7A9A613CB7E31F2A
sha3_384: 32e5c7f21df5a5bf91175db157ae2f01e40590dd1106d98b5158fba9f6f655417e384e33f806aceb420160fbceb26a91
ep_bytes: e8b6070000e978feffff558bec6a00ff
timestamp: 2022-11-14 20:25:07

Version Info:

CompanyName: Adobe Systems Incorporated
EnglishName: English
FileDescription: Adobe Collaboration Synchronizer 22.3
FileVersion: 22.3.20282.0
LanguageId: 0409
LegalCopyright: Copyright 1984-2022 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename: AdobeCollabSync.exe
ProductVersion: 22.3.20282.0
Signature: Read
ProductName: Adobe Collaboration Synchronizer
Translation: 0x0409 0x04e4

Lazy.388432 also known as:

Bkav: W32.AIDetectMalware
AVG: Win32:Malware-gen
MicroWorld-eScan: Gen:Variant.Lazy.388432
FireEye: Generic.mg.5008df575ec08a6f
ALYac: Gen:Variant.Lazy.388432
VIPRE: Gen:Variant.Lazy.388432
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
BitDefender: Gen:Variant.Lazy.388432
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:Malware-gen
McAfee-GW-Edition: BehavesLike.Win32.Injector.vc
Emsisoft: Gen:Variant.Lazy.388432 (B)
GData: Gen:Variant.Lazy.388432
Antiy-AVL: Trojan/Win32.Wacatac
Arcabit: Trojan.Lazy.D5ED50
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Malware/Win.Generic.C5483016
MAX: malware (ai score=88)
VBA32: BScope.TrojanDownloader.Emotet
Fortinet: W32/Patched.IP!tr
BitDefenderTheta: Gen:NN.ZexaF.36662.@B0@a0KECwli
DeepInstinct: MALICIOUS

How to remove Lazy.388432?

Lazy.388432 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.