About “Lazy.75929 (B)” infection

The Lazy.75929 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Lazy.75929 (B) virus can do?

Presents an Authenticode digital signature
Authenticode signature is invalid
Anomalous binary characteristics
Binary compilation timestomping detected

How to determine Lazy.75929 (B)?


File Info:
name: 096A3CF76AFD52FB51E8.mlw
path: /opt/CAPEv2/storage/binaries/5ecf05ce3d0d90f95b1ae18dabf80dae06b1e965c29ddd9ad4072e60e18eb81c
crc32: A80D69D5
md5: 096a3cf76afd52fb51e8a82c1c5a3d44
sha1: 44ac5c78d3f18e0602f9a5346d1736b03b7018f6
sha256: 5ecf05ce3d0d90f95b1ae18dabf80dae06b1e965c29ddd9ad4072e60e18eb81c
sha512: 54c6a72f60b1b18f1360432a73ec25be60423a542765186c5885fc129f5b01b4c57dc661a37f5123be56b9e6973779e5d101edef47b48c0b8ede171fd8aeb23e
ssdeep: 24576:L48N8D7t1GBUwjBXD9BK5+t0pOdR35SuZqhae16CGbfxEXYGaKqM:BKn7wFXrJeODbZqhaK6zbfqdl
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T16AB591036E9C4071D0AF7D314D65D7DAA6207D018A22BE8B2ED47E9DEFB26C0792D631
sha3_384: 84f97480c0b2562939fbdef32324fe6063fcbd5133a985dd080f75498a831d2d2d67ff7fa22dfc4c0d9e115b7ed83e4c
ep_bytes: 40534883ec20488bd9e88a050000488b
timestamp: 2100-03-02 06:33:42

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Client Server Runtime Process
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: CSRSS.Exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: CSRSS.Exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Lazy.75929 (B) also known as:

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	Win32.HLLW.Autoruner.547
MicroWorld-eScan	Gen:Variant.Lazy.75929
FireEye	Gen:Variant.Lazy.75929
McAfee	Artemis!096A3CF76AFD
Malwarebytes	Malware.AI.3696146603
Alibaba	TrojanDropper:Win32/Ipamor.2d32dfa1
Cyren	W64/Ipamor.CZ.gen!Eldorado
Symantec	Trojan.Gen.MBT
Avast	Win32:VB-FBX
ClamAV	Win.Worm.Vindor-9886047-0
BitDefender	Gen:Variant.Lazy.75929
Emsisoft	Gen:Variant.Lazy.75929 (B)
McAfee-GW-Edition	BehavesLike.Win64.Expiro.vm
Sophos	Mal/Generic-S
Paloalto	generic.ml
Avira	TR/Dropper.Gen
Microsoft	Trojan:Win32/Sabsik.TE.B!ml
GData	Gen:Variant.Lazy.75929
Cynet	Malicious (score: 100)
VBA32	Worm.AutoRun
ALYac	Gen:Variant.Lazy.75929
MAX	malware (ai score=82)
Yandex	Trojan.Agent!jyAVzBg6ew4
SentinelOne	Static AI – Malicious PE
Fortinet	W64/Bulz.6330!tr
AVG	Win32:VB-FBX
CrowdStrike	win/malicious_confidence_70% (W)

How to remove Lazy.75929 (B)?

Lazy.75929 (B) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X