Lazy.51814 malicious file

Lazy.51814 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Lazy.51814 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • CAPE detected the CryptBot malware family
  • Attempts to identify installed AV products by installation directory
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Lazy.51814?

File Info:

name: 79BE1D1025BAE1E3C384.mlw
path: /opt/CAPEv2/storage/binaries/d9d9ddf1478b5fc06956f803537425c1ba798e3222d8f136326ac3d06e279d2a
crc32: 8627F223
md5: 79be1d1025bae1e3c3843345d053cae5
sha1: 1a5581222fb94e07b252f47f9a16a2685c5b021c
sha256: d9d9ddf1478b5fc06956f803537425c1ba798e3222d8f136326ac3d06e279d2a
sha512: 0c76069b339a0c7a60dec253869e6510e9c046a1dad8e07dda43dde542d5717354dbc8636981e7cfc15e643e384c5399156754ee7f6492dbc40df656db7997e8
ssdeep: 24576:5hqmtNgR904jUm4DUGt3rEN1t8AG5ffSPp:5hqmt+RfAPrGpIHSx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15D16FAD1FB13DE07F7A0C57C94627F558EDD30AB2BA3A4F8F8AC6498EA8C120114A557
sha3_384: f88bf760e30a6904e9800d0265fd935c4587d376af1bd52001e2f87b54e2f4917f4e413eff6261f385e4c7abfd8def54
ep_bytes: 31ffff15461a420089c2680ff28a1168
timestamp: 2021-11-27 04:32:16

Version Info:

FileVersion: 5, 4, 0, 4
Comments: Etacist
CompanyName: Fortinet
InternalName: Behavior
PrivateBuild: Ottomanic
Translation: 0x0409 0x04e4

Lazy.51814 is also known as:

Lionic: Trojan.Win32.SelfDel.4!c
MicroWorld-eScan: Gen:Variant.Lazy.51814
FireEye: Generic.mg.79be1d1025bae1e3
ALYac: Gen:Variant.Lazy.51814
Cylance: Unsafe
K7AntiVirus: Trojan ( 0058afe91 )
BitDefender: Gen:Variant.Lazy.51814
K7GW: Trojan ( 0058afe91 )
ESET-NOD32: a variant of Win32/GenKryptik.FOBQ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.SelfDel.hvnh
Rising: Trojan.Generic@ML.84 (RDML:DPJSsiSBFhXA8JPuYs1c9Q)
Ad-Aware: Gen:Variant.Lazy.51814
Emsisoft: Gen:Variant.Lazy.51814 (B)
DrWeb: Program.Unwanted.2520
McAfee-GW-Edition: Artemis
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Krypt
Avira: TR/Kryptik.lxbsu
MAX: malware (ai score=82)
Microsoft: Trojan:Script/Phonzy.B!ml
Gridinsoft: Ransom.Win32.Sabsik.sa
GData: Win32.Application.iObit.B
Cynet: Malicious (score: 100)
AhnLab-V3: Infostealer/Win.CryptBot.C4790455
Acronis: suspicious
McAfee: Artemis!79BE1D1025BA
Malwarebytes: Trojan.Dropper
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002H0DKR21
Tencent: Win32.Trojan.Selfdel.Akfu
Yandex: Trojan.Cryptor!9sbNqaXL2VE
eGambit: PE.Heur.InvalidSig
Fortinet: Riskware/GenKryptik
BitDefenderTheta: Gen:NN.ZexaF.34062.@t2@aOqkcmdi
AVG: Win32:MalwareX-gen [Trj]
Avast: Win32:MalwareX-gen [Trj]
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Lazy.51814?

Lazy.51814 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.