Lazy.62902 (B) removal instruction

Lazy.62902 (B) is a generic detection name (it appears as Gen:Variant.Lazy.62902 in several of the engines listed below), and most vendors classify the sample as an adware downloader (Adload, DownloadAssistant). When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, scanning the computer with GridinSoft Anti-Malware is advised.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to scan and cure your PC completely during the trial period.
6-day free trial available.

What can the Lazy.62902 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: executable code extraction (unpacking)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid

These are CAPE sandbox signatures, that is, heuristics fired during analysis, not a list of confirmed actions. Read them against the Version Info below: the binary claims to be AMS Software's ФотоДОКТОР (FotoDoctor), a Russian photo-editing product, and its resource locale is Russian (Translation 0x0419 with code page 0x04e3, Windows-1251), so the two Russian-language flags are consistent with that claim rather than suspicious on their own. The points that matter are the packing indicators (unknown section name, compressed or encrypted data, RWX memory, imports resolved at run time) combined with an Authenticode signature that does not verify, which means the vendor metadata cannot be taken as proof of origin.

How to identify Lazy.62902 (B)?

File Info:

name: 035339C1AA787C9B150C.mlw
path: /opt/CAPEv2/storage/binaries/f33ae9174b958bb3229ade675998982c5b6f44dcaddf5f1978e72be7c5920c4e
crc32: 4E20CABD
md5: 035339c1aa787c9b150cb4fbb5486c58
sha1: 5dbe7a6a5aa9d4e8d32f4cea42e40a34857c1d77
sha256: f33ae9174b958bb3229ade675998982c5b6f44dcaddf5f1978e72be7c5920c4e
sha512: 6944efc98faa7ccb29ab5bda8bc152e18820dbd022ffc6f866ac27e6e30e7c86bcdd343b76d17acbe1468e70c34ac71bc0875de558461269a74473764f5160f7
ssdeep: 98304:Os/VUxhCul6r5hU6+7iQrCyTawIC343hKr5Ftor5Ftt:Os/y2u8hT+7XrCRww03ti3t
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T124564AE05944D8D1D18C4E31D22106FD176B0C95EC8868EBC9B9BE2C3CB63A5B2D59FE
sha3_384: 8198ab9463478aef5964800c802938820f7652bf9ee66946a87619d634f62ee11c58cd4985560fb94fab1999891ed2f6
ep_bytes: e856020000e97afeffff558becff7508
timestamp: 2021-11-30 23:35:05

Version Info:

CompanyName: AMS Software
FileDescription: ФотоДОКТОР
FileVersion: 3.15.0.1901
InternalName: FOTODOCTOR
LegalCopyright: © AMS Software 2003-2018
LegalTrademarks:
OriginalFilename: FotoDoctor.exe
ProductName: ФотоДОКТОР
ProductVersion: 3.15
Comments:
Translation: 0x0419 0x04e3
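The hashes and PE fields above are the data a practitioner actually matches on. The following Python script is an added example written for this page; it is neither GridinSoft's tool nor CAPE's code. It recomputes the file hashes in the format shown above, reads TimeDateStamp and the 16 entry-point bytes from a PE32 file using only the standard library, and reports which of the page's indicators a file matches. The function names, the strong/weak split and the constructed fixture PE are this example's own assumptions. The entry bytes (a call followed by a jump, the usual MSVC CRT startup stub) and the build timestamp are treated as weak indicators, because unrelated binaries built with the same toolchain share the former and the latter is trivially set by the builder; only the full-file hashes identify this exact sample.

```python
import hashlib
import os
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block above.
PAGE_IOCS = {
    "crc32": "4E20CABD",
    "md5": "035339c1aa787c9b150cb4fbb5486c58",
    "sha1": "5dbe7a6a5aa9d4e8d32f4cea42e40a34857c1d77",
    "sha256": "f33ae9174b958bb3229ade675998982c5b6f44dcaddf5f1978e72be7c5920c4e",
    "ep_bytes": "e856020000e97afeffff558becff7508",
    "timestamp": "2021-11-30 23:35:05",
}
# Assumption of this example: file hashes identify the exact sample; PE fields only corroborate.
STRONG = ("crc32", "md5", "sha1", "sha256")
WEAK = ("ep_bytes", "timestamp")


def hash_bytes(data: bytes) -> dict:
    """Hashes in the same textual form as the page (crc32 upper-case, the rest lower-case)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_entry_info(data: bytes) -> dict:
    """COFF TimeDateStamp (assumed UTC, as CAPE prints it) and the 16 bytes at
    AddressOfEntryPoint, found by mapping the RVA through the section table.
    Raises ValueError for anything that is not a PE32 image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not PE32 (PE32+ not handled here)")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    sections = opt + opt_size
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sections + 40 * i)
        if va <= ep_rva < va + max(vsize, raw_size):
            off = raw_ptr + (ep_rva - va)                       # RVA -> file offset
            return {
                "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
                "ep_bytes": data[off:off + 16].hex(),
                "ep_section": name.rstrip(b"\0").decode("ascii", "replace"),
            }
    raise ValueError("entry point RVA not inside any section")


def match_iocs(data: bytes) -> dict:
    """Which page indicators this file matches, split into strong and weak hits."""
    found = hash_bytes(data)
    try:
        found.update(pe_entry_info(data))
    except (ValueError, struct.error):
        pass                                                     # not a PE32: only hashes can match
    return {
        "strong": [k for k in STRONG if found.get(k) == PAGE_IOCS[k]],
        "weak": [k for k in WEAK if found.get(k) == PAGE_IOCS[k]],
    }


def build_fixture_pe(ep_code: bytes, stamp: int) -> bytes:
    """Constructed minimal PE32 with one .text section, used only to exercise the
    parser offline. It is not the sample and contains no executable logic."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                          # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                         # Magic
    struct.pack_into("<I", opt, 16, 0x1000)                       # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                     # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)               # Section/FileAlignment
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x200, b"\0")
    return header + ep_code.ljust(0x200, b"\0")


PAGE_STAMP_EPOCH = int(datetime(2021, 11, 30, 23, 35, 5, tzinfo=timezone.utc).timestamp())
# Constructed fixture reusing the page's entry bytes and timestamp: it trips the
# weak indicators while every file hash stays different from the sample's.
FIXTURE = build_fixture_pe(bytes.fromhex(PAGE_IOCS["ep_bytes"]), PAGE_STAMP_EPOCH)


def scan_tree(root: str) -> list:
    """Walk a directory and return (path, matches) for every file with any hit."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    m = match_iocs(fh.read())
            except OSError:
                continue
            if m["strong"] or m["weak"]:
                hits.append((path, m))
    return hits


if __name__ == "__main__":
    print(match_iocs(FIXTURE))   # weak hits only: the fixture is not the sample
```

Point scan_tree at a download or temp directory on the suspect machine; act on a strong hit (any full-file hash) and treat weak-only hits as a prompt to look at the file's version info and signature, not as a detection. The PE32-only restriction matches the sample's file type above; PE32+ images raise ValueError rather than returning misleading data.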

Lazy.62902 (B) is also known as:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Trojan.Win32.Adload.a!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Lazy.62902
  • FireEye: Generic.mg.035339c1aa787c9b
  • ALYac: Gen:Variant.Lazy.62902
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Adload.gen
  • Alibaba: AdWare:Win32/AdLoad.1395a664
  • K7GW: Trojan ( 0058b3e41 )
  • K7AntiVirus: Trojan ( 0058b3e41 )
  • Cyren: W32/Kryptik.FWU.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Kryptik.HNMZ
  • TrendMicro-HouseCall: TROJ_GEN.R011C0WL521
  • Paloalto: generic.ml
  • ClamAV: Win.Malware.Generic-9920422-0
  • Kaspersky: HEUR:Trojan-Downloader.Win32.Adload.gen
  • BitDefender: Gen:Variant.Lazy.62902
  • Avast: Win32:AdwareX-gen [Adw]
  • Tencent: Win32.Trojan.Kryptik.Dax
  • Ad-Aware: Gen:Variant.Lazy.62902
  • Emsisoft: Gen:Variant.Lazy.62902 (B)
  • Zillya: Trojan.Kryptik.Win32.3637723
  • TrendMicro: TROJ_GEN.R011C0WL521
  • McAfee-GW-Edition: BehavesLike.Win32.Dropper.th
  • Sophos: Mal/Generic-S
  • SentinelOne: Static AI - Suspicious PE
  • Jiangmin: TrojanDownloader.Adload.aijw
  • Avira: TR/Crypt.XPACK.Gen2
  • MAX: malware (ai score=81)
  • Antiy-AVL: Trojan/Generic.ASMalwS.34E35AC
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • GData: Win32.Trojan.PSE.2KAC6G
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Trojan/Win.Generic.R456142
  • McAfee: GenericRXAA-FA!035339C1AA78
  • VBA32: BScope.TrojanDownloader.Adload
  • Malwarebytes: Adware.DownloadAssistant
  • APEX: Malicious
  • Rising: Downloader.Adload!8.D1 (CLOUD)
  • Yandex: Trojan.Kryptik!7hWKuXJO6HM
  • Fortinet: W32/Kryptik.HNMZ!tr
  • AVG: Win32:AdwareX-gen [Adw]
  • Panda: Trj/GdSda.A

How to remove Lazy.62902 (B)?

Lazy.62902 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
