What is “Lazy.44221”?

Lazy.44221 is considered dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Lazy.44221 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid

How to identify Lazy.44221?

File Info:

name: 652F8FC7ED4E538EE436.mlw
path: /opt/CAPEv2/storage/binaries/f9800d6a6206d4326be4706db88f91ae7c87cfbb5f0101951a47d5dccd9d9e75
crc32: B4D19B87
md5: 652f8fc7ed4e538ee436a8fc78a037d1
sha1: 470bf2b3dea85c68de0b169d1b4a8562c31f7299
sha256: f9800d6a6206d4326be4706db88f91ae7c87cfbb5f0101951a47d5dccd9d9e75
sha512: 908be1c27a2983448bfd898135cdf595b338ed17a553325ebf6cbec82f59e406104c253f2a9fd755a9384fd2bb2dc1b7dc7d84a5623606bf7a0fbbd1ba4823e9
ssdeep: 768:b52vT25m4KTvngaANZR5cvcVal/RmfYUWqHZ4LMHJOfkH6iaZyre:b2K5m4K7gajvYatRmgUWqHuSJOfkHja
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17523BF9037E75364D1A9CCB555352E430328EB4BA7E0971E05BE026F441EE6A33D37E6
sha3_384: 3389ff42480420966f17a99ed846875e67290293b24bccc26b7c3c12cb3317dd0489519c229b71f95f51c8d44b2b642f
ep_bytes: ff254047400000005f436f724578654d
timestamp: 2021-12-04 10:58:53

Version Info:

Translation: 0x0000 0x04b0
CompanyName: flashfalcon
FileDescription: smugglerroom
FileVersion: 13.21.76.10
InternalName: ballet.exe
LegalCopyright: grade © sector
OriginalFilename: ballet.exe
ProductName: annoying
ProductVersion: 13.21.76.10
Assembly Version: 13.21.76.10

Lazy.44221 also known as:

  • Lionic: Trojan.MSIL.Bladabindi.m!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Lazy.44221
  • FireEye: Generic.mg.652f8fc7ed4e538e
  • McAfee: Artemis!652F8FC7ED4E
  • Cylance: Unsafe
  • K7AntiVirus: Trojan ( 0053e5881 )
  • Alibaba: Backdoor:MSIL/Bladabindi.2b021a1f
  • K7GW: Trojan ( 0053e5881 )
  • Cybereason: malicious.3dea85
  • BitDefenderTheta: Gen:NN.ZemsilF.34084.cm0@ameW!Ok
  • Cyren: W32/Trojan.HFOB-6054
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of MSIL/Kryptik.PSV
  • TrendMicro-HouseCall: TROJ_GEN.R022C0WL621
  • Paloalto: generic.ml
  • Kaspersky: HEUR:Backdoor.MSIL.Bladabindi.gen
  • BitDefender: Gen:Variant.Lazy.44221
  • Avast: Win32:MalwareX-gen [Trj]
  • Tencent: Msil.Backdoor.Bladabindi.Wmjf
  • Ad-Aware: Gen:Variant.Lazy.44221
  • Emsisoft: Gen:Variant.Lazy.44221 (B)
  • TrendMicro: TROJ_GEN.R022C0WL621
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.pc
  • Sophos: Mal/Generic-S
  • SentinelOne: Static AI – Malicious PE
  • Avira: TR/Kryptik.dwopb
  • MAX: malware (ai score=87)
  • Antiy-AVL: Trojan/Generic.ASMalwS.34E6D17
  • Gridinsoft: Ransom.Win32.Bladabindi.sa
  • Microsoft: Backdoor:Win32/Bladabindi!ml
  • GData: Gen:Variant.Lazy.44221
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win.MalwareX-gen.C4818231
  • ALYac: Gen:Variant.Lazy.44221
  • VBA32: TScope.Trojan.MSIL
  • Malwarebytes: Trojan.Crypt.MSIL
  • APEX: Malicious
  • Ikarus: Trojan.MSIL.Crypt
  • eGambit: Unsafe.AI_Score_66%
  • Fortinet: MSIL/Kryptik.PSV!tr
  • AVG: Win32:MalwareX-gen [Trj]
  • Panda: Trj/GdSda.A
  • CrowdStrike: win/malicious_confidence_80% (W)
  • MaxSecure: Trojan.Malware.300983.susgen

How to remove Lazy.44221?

Lazy.44221 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.