Categories: Malware

Lazy.51624 removal instruction

The Lazy.51624 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Lazy.51624 virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
Creates RWX memory
Dynamic (imported) function loading detected
A process created a hidden window
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Deletes its original binary from disk
CAPE detected the CryptBot malware family
Checks the CPU name from registry, possibly for anti-virtualization
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

How to determine Lazy.51624?


File Info:
name: 59BB5424FD226C1978D3.mlwpath: /opt/CAPEv2/storage/binaries/eb521510d818a20db7e7a09c5bd1001f9645418925a9e75af5b7663bd4d3e233crc32: 353ADE4Emd5: 59bb5424fd226c1978d305f42076f666sha1: ab5204c03e7f44418452ea13d25c5678f5315c63sha256: eb521510d818a20db7e7a09c5bd1001f9645418925a9e75af5b7663bd4d3e233sha512: 52a3befc95c1e714a1e9d05752ada69b6a84f67d997c442287b385a96e25a5bcf27c25c31ced9160b8b7ec2d544166b1a0a3a5bbcaec154e237af8a8db1ec977ssdeep: 12288:2B2oTR7fzP6ijPD/XbLznsvQ3ZlCOkFwkATdFZl0GQ/jPD/XbLzKF:Tot7fTso33lk3ATdFfK0type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T177F5FAD1FB13DE07F7A0D43895626EA58EDD34FB2BA3A4F8F85C74A4DA8C220054A547sha3_384: d8a1a90e2542cd79ad7cb7591ec3b6f2611589c77898b29247194cb235d6ade5576603c8b8f64c49772f34a06d3ce4bbep_bytes: 31ffff1546fa410089c2682990abcd68timestamp: 2021-11-27 03:48:14
Version Info:
FileVersion: 3, 7, 4, 2CompanyName: FortinetInternalName: AnchisesRoughness: UncharitablyDilatedly: GagershipCresylic: IxionianSoothful: AporobranchiataOmniactuality: SphenofrontalCounterdistinguish: SwackingActinautography: UnelbowedSupplementation: TiltmakingEntophytically: OerTroche: PococurantistInoccupation: FurcraeaRevertal: ArmiferousWarrin: ElectrosherardizingImpeccant: PlicaterDemiglobe: IllegitimationBaba: SauveHemidysergia: ExognathionOmnipresently: PepticalAntimerger: MoxoVarnishlike: TorpitudeImpecuniousness: CrankousNondifferentation: NoncomplyingProtoclastic: CraniometricPollicitation: ModeratismPorcate: MyxothecaBlastie: MorbiferousTranslationally: SuperaffiliationAcroceratidae: CladosiphonicColeplant: MisdirectTortricine: OpportunistNoninformative: DuoleSubofficial: ChainsmithProvisive: EleutherarchPicroerythrin: ChromatocyteLurement: JohnsonianismGaonate: TrichostrongylusTristichic: ManukaIntensionally: CursorilyBusaos: KermisVaccinoid: ThermopolypneicQuakership: EducatedUnsacramentarian: CoquecigruePlethodontid: ShoaRepresentamen: PhilorchidaceousXiphisterna: SynapticulaAtmosphereful: ParsonsiteOxyntic: PancraticallyUnfloatable: VajrasanaSuccinous: AntereformationZimentwater: PseudoembryonicHousemastership: SorbiteImpulsivity: SartorianOveraffirmation: OligonephricRefect: LargenessMarylandian: MulligrubsPhacoscope: AntevaLegalTrademarks: EpicytePrivateBuild: OphidiidaeTranslation: 0x0409 0x04e4

Lazy.51624 also known as:

Lionic	Trojan.Win32.SelfDel.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Lazy.51624
FireEye	Generic.mg.59bb5424fd226c19
CAT-QuickHeal	Trojan.Selfdel
ALYac	Gen:Variant.Lazy.51624
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanSpy:Win32/SelfDel.73679aee
K7GW	Spyware ( 0054b9f91 )
K7AntiVirus	Spyware ( 0054b9f91 )
BitDefenderTheta	Gen:NN.ZexaF.34084.xt2@a4!qkrki
Cyren	W32/SelfDel.H.gen!Eldorado
Symantec	Trojan.Gen.2
ESET-NOD32	Win32/Spy.Agent.PRG
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Trojan.Win32.SelfDel.hvnj
BitDefender	Gen:Variant.Lazy.51624
NANO-Antivirus	Trojan.Win32.Dwn.jikbdv
Tencent	Win32.Trojan.Selfdel.Syil
Ad-Aware	Gen:Variant.Lazy.51624
DrWeb	Trojan.DownLoader44.6925
Zillya	Trojan.Agent.Win32.2592628
TrendMicro	TROJ_GEN.R002C0WKU21
Ikarus	Trojan-Spy.Win32.CoinStealer
Jiangmin	Trojan.Selfdel.tbt
eGambit	PE.Heur.InvalidSig
Avira	TR/AD.GenSteal.xrlse
MAX	malware (ai score=89)
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
GData	Gen:Variant.Lazy.51624
AhnLab-V3	Infostealer/Win.CryptBot.C4790455
Acronis	suspicious
VBA32	Trojan.SelfDel
Malwarebytes	Spyware.PasswordStealer
TrendMicro-HouseCall	TROJ_GEN.R002C0WKU21
Yandex	Trojan.SelfDel!ocF6JBRAoAU
MaxSecure	Trojan.Malware.1728101.susgen
Fortinet	W32/Agent.PRG!tr.spy
Panda	Trj/GdSda.A