
Lazy.51624 removal instructions


Lazy.51624 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Lazy.51624 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • CAPE detected the CryptBot malware family
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Lazy.51624?


File Info:

name: 59BB5424FD226C1978D3.mlw
path: /opt/CAPEv2/storage/binaries/eb521510d818a20db7e7a09c5bd1001f9645418925a9e75af5b7663bd4d3e233
crc32: 353ADE4E
md5: 59bb5424fd226c1978d305f42076f666
sha1: ab5204c03e7f44418452ea13d25c5678f5315c63
sha256: eb521510d818a20db7e7a09c5bd1001f9645418925a9e75af5b7663bd4d3e233
sha512: 52a3befc95c1e714a1e9d05752ada69b6a84f67d997c442287b385a96e25a5bcf27c25c31ced9160b8b7ec2d544166b1a0a3a5bbcaec154e237af8a8db1ec977
ssdeep: 12288:2B2oTR7fzP6ijPD/XbLznsvQ3ZlCOkFwkATdFZl0GQ/jPD/XbLzKF:Tot7fTso33lk3ATdFfK0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T177F5FAD1FB13DE07F7A0D43895626EA58EDD34FB2BA3A4F8F85C74A4DA8C220054A547
sha3_384: d8a1a90e2542cd79ad7cb7591ec3b6f2611589c77898b29247194cb235d6ade5576603c8b8f64c49772f34a06d3ce4bb
ep_bytes: 31ffff1546fa410089c2682990abcd68
timestamp: 2021-11-27 03:48:14

Version Info:

FileVersion: 3, 7, 4, 2
CompanyName: Fortinet
InternalName: Anchises
Roughness: Uncharitably
Dilatedly: Gagership
Cresylic: Ixionian
Soothful: Aporobranchiata
Omniactuality: Sphenofrontal
Counterdistinguish: Swacking
Actinautography: Unelbowed
Supplementation: Tiltmaking
Entophytically: Oer
Troche: Pococurantist
Inoccupation: Furcraea
Revertal: Armiferous
Warrin: Electrosherardizing
Impeccant: Plicater
Demiglobe: Illegitimation
Baba: Sauve
Hemidysergia: Exognathion
Omnipresently: Peptical
Antimerger: Moxo
Varnishlike: Torpitude
Impecuniousness: Crankous
Nondifferentation: Noncomplying
Protoclastic: Craniometric
Pollicitation: Moderatism
Porcate: Myxotheca
Blastie: Morbiferous
Translationally: Superaffiliation
Acroceratidae: Cladosiphonic
Coleplant: Misdirect
Tortricine: Opportunist
Noninformative: Duole
Subofficial: Chainsmith
Provisive: Eleutherarch
Picroerythrin: Chromatocyte
Lurement: Johnsonianism
Gaonate: Trichostrongylus
Tristichic: Manuka
Intensionally: Cursorily
Busaos: Kermis
Vaccinoid: Thermopolypneic
Quakership: Educated
Unsacramentarian: Coquecigrue
Plethodontid: Shoa
Representamen: Philorchidaceous
Xiphisterna: Synapticula
Atmosphereful: Parsonsite
Oxyntic: Pancratically
Unfloatable: Vajrasana
Succinous: Antereformation
Zimentwater: Pseudoembryonic
Housemastership: Sorbite
Impulsivity: Sartorian
Overaffirmation: Oligonephric
Refect: Largeness
Marylandian: Mulligrubs
Phacoscope: Anteva
LegalTrademarks: Epicyte
PrivateBuild: Ophidiidae
Translation: 0x0409 0x04e4

Lazy.51624 also known as:

Lionic: Trojan.Win32.SelfDel.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Lazy.51624
FireEye: Generic.mg.59bb5424fd226c19
CAT-QuickHeal: Trojan.Selfdel
ALYac: Gen:Variant.Lazy.51624
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanSpy:Win32/SelfDel.73679aee
K7GW: Spyware ( 0054b9f91 )
K7AntiVirus: Spyware ( 0054b9f91 )
BitDefenderTheta: Gen:NN.ZexaF.34084.xt2@a4!qkrki
Cyren: W32/SelfDel.H.gen!Eldorado
Symantec: Trojan.Gen.2
ESET-NOD32: Win32/Spy.Agent.PRG
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.SelfDel.hvnj
BitDefender: Gen:Variant.Lazy.51624
NANO-Antivirus: Trojan.Win32.Dwn.jikbdv
Tencent: Win32.Trojan.Selfdel.Syil
Ad-Aware: Gen:Variant.Lazy.51624
DrWeb: Trojan.DownLoader44.6925
Zillya: Trojan.Agent.Win32.2592628
TrendMicro: TROJ_GEN.R002C0WKU21
Ikarus: Trojan-Spy.Win32.CoinStealer
Jiangmin: Trojan.Selfdel.tbt
eGambit: PE.Heur.InvalidSig
Avira: TR/AD.GenSteal.xrlse
MAX: malware (ai score=89)
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
GData: Gen:Variant.Lazy.51624
AhnLab-V3: Infostealer/Win.CryptBot.C4790455
Acronis: suspicious
VBA32: Trojan.SelfDel
Malwarebytes: Spyware.PasswordStealer
TrendMicro-HouseCall: TROJ_GEN.R002C0WKU21
Yandex: Trojan.SelfDel!ocF6JBRAoAU
MaxSecure: Trojan.Malware.1728101.susgen
Fortinet: W32/Agent.PRG!tr.spy
Panda: Trj/GdSda.A

How to remove Lazy.51624?

Lazy.51624 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
