Lazy.508865 (file analysis)

Lazy.508865 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Lazy.508865 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing
  • Checks the version of Bios, possibly for anti-virtualization
  • Appears to use command line obfuscation
  • Attempts to disable Windows Defender
  • Attempts to execute suspicious powershell command arguments
  • Uses suspicious command line tools or Windows utilities

How to identify Lazy.508865?

File Info:

name: 4274C0DA5A003C5F169A.mlw
path: /opt/CAPEv2/storage/binaries/14d668f84c81e6a4f1afd55febe241fc9cd91663b3d9102abb75a6f21caa6e4d
crc32: 5BB70A31
md5: 4274c0da5a003c5f169a13fe1722e957
sha1: cc7f0ed677079f29a001398ece199972305a51a6
sha256: 14d668f84c81e6a4f1afd55febe241fc9cd91663b3d9102abb75a6f21caa6e4d
sha512: d925f631f231bd05f11781395c91bd497146394272187f65cd6ecae5aa4580243d42cb03884ff578f9d968f364cebab8d02a86259048aa3dc104240f69e97f96
ssdeep: 196608:91OocOoqifaRph4gKW8eBNTB/zdA572AYjWu:3OHODif2GVW8ATB/zG5KAYyu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13E76333637D18076E679087356A0DEA44798F3A44F62942F1FD84C5D1EBCED0A12EBB8
sha3_384: c2e19da63b508de0e5cdb7f561c110d24b9671c3cb40ab82dddb224f313eb8097c7987c49ac64ff08e620cc00a588d57
ep_bytes: 558bec6aff68e0b94100682c4a410064
timestamp: 2010-11-18 16:27:35

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 9.20
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2010 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 9.20
Translation: 0x0409 0x04b0

Lazy.508865 is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Gen:Variant.Lazy.508865
FireEye: Gen:Variant.Lazy.508865
Skyhigh: BehavesLike.Win32.Neoreklami.wc
McAfee: Artemis!4274C0DA5A00
Sangfor: Adware.Win32.Neoreklami.Vshx
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Adware.Neoreklami.OR
APEX: Malicious
TrendMicro-HouseCall: Trojan.Win32.PRIVATELOADER.YXEEFZ
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Lolbas.jje
BitDefender: Gen:Variant.Lazy.508865
Avast: Win32:AdwareX-gen [Adw]
Rising: Adware.Neoreklami!1.D0F5 (CLASSIC)
Emsisoft: Gen:Variant.Lazy.508865 (B)
Google: Detected
F-Secure: Heuristic.HEUR/AGEN.1372308
VIPRE: Gen:Variant.Lazy.508865
TrendMicro: TROJ_GEN.R002C0XE324
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
Varist: W32/ABAdware.GSTZ-3106
Avira: HEUR/AGEN.1372308
Antiy-AVL: GrayWare[AdWare]/Win32.Neoreklami
Microsoft: Trojan:Win32/Znyonm
Arcabit: Trojan.Lazy.D7C3C1
ZoneAlarm: Trojan.Win32.Lolbas.jje
GData: Gen:Variant.Lazy.508865
Cynet: Malicious (score: 100)
BitDefenderTheta: Gen:NN.ZexaF.36804.@B0@aWeGrwei
ALYac: Gen:Variant.Lazy.508865
Malwarebytes: Generic.Malware.AI.DDS
Tencent: Win32.Trojan.Lolbas.Kjgl
MAX: malware (ai score=87)
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: Riskware/Neoreklami
AVG: Win32:AdwareX-gen [Adw]
DeepInstinct: MALICIOUS

How to remove Lazy.508865?

Lazy.508865 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.