Categories: Malware

Lazy.508865 (file analysis)

The Lazy.508865 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Lazy.508865 virus can do?

Behavioural detection: Executable code extraction – unpacking
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Sample contains Overlay data
Uses Windows utilities for basic functionality
Reads data out of its own binary image
Executed a very long command line or script command which may be indicative of chained commands or obfuscation
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
A scripting utility was executed
Uses Windows utilities to create a scheduled task
Behavioural detection: Transacted Hollowing
Checks the version of Bios, possibly for anti-virtualization
Appears to use command line obfuscation
Attempts to disable Windows Defender
Attempts to execute suspicious powershell command arguments
Uses suspicious command line tools or Windows utilities

How to determine Lazy.508865?


File Info:
name: 4274C0DA5A003C5F169A.mlwpath: /opt/CAPEv2/storage/binaries/14d668f84c81e6a4f1afd55febe241fc9cd91663b3d9102abb75a6f21caa6e4dcrc32: 5BB70A31md5: 4274c0da5a003c5f169a13fe1722e957sha1: cc7f0ed677079f29a001398ece199972305a51a6sha256: 14d668f84c81e6a4f1afd55febe241fc9cd91663b3d9102abb75a6f21caa6e4dsha512: d925f631f231bd05f11781395c91bd497146394272187f65cd6ecae5aa4580243d42cb03884ff578f9d968f364cebab8d02a86259048aa3dc104240f69e97f96ssdeep: 196608:91OocOoqifaRph4gKW8eBNTB/zdA572AYjWu:3OHODif2GVW8ATB/zG5KAYyutype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T13E76333637D18076E679087356A0DEA44798F3A44F62942F1FD84C5D1EBCED0A12EBB8sha3_384: c2e19da63b508de0e5cdb7f561c110d24b9671c3cb40ab82dddb224f313eb8097c7987c49ac64ff08e620cc00a588d57ep_bytes: 558bec6aff68e0b94100682c4a410064timestamp: 2010-11-18 16:27:35
Version Info:
CompanyName: Igor PavlovFileDescription: 7z Setup SFXFileVersion: 9.20InternalName: 7zS.sfxLegalCopyright: Copyright (c) 1999-2010 Igor PavlovOriginalFilename: 7zS.sfx.exeProductName: 7-ZipProductVersion: 9.20Translation: 0x0409 0x04b0

Lazy.508865 also known as:

Bkav	W32.AIDetectMalware
MicroWorld-eScan	Gen:Variant.Lazy.508865
FireEye	Gen:Variant.Lazy.508865
Skyhigh	BehavesLike.Win32.Neoreklami.wc
McAfee	Artemis!4274C0DA5A00
Sangfor	Adware.Win32.Neoreklami.Vshx
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Adware.Neoreklami.OR
APEX	Malicious
TrendMicro-HouseCall	Trojan.Win32.PRIVATELOADER.YXEEFZ
Paloalto	generic.ml
Kaspersky	Trojan.Win32.Lolbas.jje
BitDefender	Gen:Variant.Lazy.508865
Avast	Win32:AdwareX-gen [Adw]
Rising	Adware.Neoreklami!1.D0F5 (CLASSIC)
Emsisoft	Gen:Variant.Lazy.508865 (B)
Google	Detected
F-Secure	Heuristic.HEUR/AGEN.1372308
VIPRE	Gen:Variant.Lazy.508865
TrendMicro	TROJ_GEN.R002C0XE324
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Generic-S
Varist	W32/ABAdware.GSTZ-3106
Avira	HEUR/AGEN.1372308
Antiy-AVL	GrayWare[AdWare]/Win32.Neoreklami
Microsoft	Trojan:Win32/Znyonm
Arcabit	Trojan.Lazy.D7C3C1
ZoneAlarm	Trojan.Win32.Lolbas.jje
GData	Gen:Variant.Lazy.508865
Cynet	Malicious (score: 100)
BitDefenderTheta	Gen:NN.ZexaF.36804.@B0@aWeGrwei
ALYac	Gen:Variant.Lazy.508865
Malwarebytes	Generic.Malware.AI.DDS
Tencent	Win32.Trojan.Lolbas.Kjgl
MAX	malware (ai score=87)
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	Riskware/Neoreklami
AVG	Win32:AdwareX-gen [Adw]
DeepInstinct	MALICIOUS