Malware

About “Lazy.79288” infection

Malware Removal

The Lazy.79288 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Lazy.79288 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Polish
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Tries to unhook or modify Windows functions monitored by Cuckoo

How to determine Lazy.79288?



File Info:

name: D6799ABE9BF2FE0565D5.mlw
path: /opt/CAPEv2/storage/binaries/486f6291804316babaf51834d3bc8495e2d863c9259dea922ee2522aea256992
crc32: D3A26005
md5: d6799abe9bf2fe0565d5ac1c96764ec3
sha1: 462ee891ac025872235764a0c68d100eaacb35f7
sha256: 486f6291804316babaf51834d3bc8495e2d863c9259dea922ee2522aea256992
sha512: 98395d3e0b300d5cae15eec31a40a50b98b359b28768527b50c273b8bc28a7f18a9c4a26d44dec7aec21ff5e69707673e6055967770b1c5ad38c29d5d566e5be
ssdeep: 3072:XWOz68OWz45hoiQgcJoFnYZXzjuaJnjhp+9Lt:XWOWFQ0hZQgerjuAjhp+D
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T193E30290B581C596C054197042734F00E536AC15BBA4EFFB5F86AE5EED331CAC63A39B
sha3_384: 0527a5da2f93711e4eb95ced2adc87df63f7147102c1508ed8c12afd3648e6ebd0d015dfebe0cb444934dcf078a449c4
ep_bytes: 60be005042008dbe00c0fdff57eb0b90
timestamp: 2005-06-06 02:49:08


Version Info:

Comments: dearth fevered
CompanyName: zoneLINK
FileDescription: dots exceptionally
FileVersion: 150, 68, 33, 35
InternalName: coasted desperately
LegalCopyright: capitalist flushes
LegalTrademarks: censure foreigners
OriginalFilename: erratic.exe
PrivateBuild: convicting
ProductName: dwindle flickered
ProductVersion: 239, 100, 116, 108
SpecialBuild: fish

Lazy.79288 also known as:

LionicTrojan.Win32.Generic.4!c
Elasticmalicious (high confidence)
DrWebTrojan.PWS.Tinba.153
MicroWorld-eScanGen:Variant.Lazy.79288
FireEyeGeneric.mg.d6799abe9bf2fe05
McAfeeGenericRXAA-AA!D6799ABE9BF2
CylanceUnsafe
ZillyaTrojan.Kryptik.Win32.1594704
K7AntiVirusTrojan ( 00547e251 )
AlibabaTrojan:Win32/Tinba.236f311a
K7GWTrojan ( 00547e251 )
Cybereasonmalicious.e9bf2f
BitDefenderThetaGen:NN.ZexaF.34084.imKfaGdnQVmO
CyrenW32/S-104687bc!Eldorado
SymantecTrojan.Tinba!gm
ESET-NOD32a variant of Win32/Kryptik.DGSN
TrendMicro-HouseCallTROJ_GEN.R002C0DL521
Paloaltogeneric.ml
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Lazy.79288
NANO-AntivirusTrojan.Win32.Tinba.dreczt
AvastFileRepMalware
TencentMalware.Win32.Gencirc.10cf8e8f
Ad-AwareGen:Variant.Lazy.79288
EmsisoftGen:Variant.Lazy.79288 (B)
ComodoPacked.Win32.MUPX.Gen@24tbus
VIPRETrojan.Win32.Generic!BT
TrendMicroTROJ_GEN.R002C0DL521
McAfee-GW-EditionObfuscated-FAAH!4B2412C1A116
SophosML/PE-A + Mal/Tinba-I
IkarusTrojan.Win32.Tinba
GDataGen:Variant.Lazy.79288
JiangminTrojan/Banker.Tinba.ank
AviraHEUR/AGEN.1118863
MAXmalware (ai score=89)
Antiy-AVLTrojan/Generic.ASMalwS.1070716
ArcabitTrojan.Lazy.D135B8
MicrosoftTrojan:Win32/Tinba.F
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.FAAH.C4788321
VBA32TrojanBanker.Tinba
ALYacGen:Variant.Lazy.79288
TACHYONBanker/W32.Tinba.248320
MalwarebytesMalware.AI.2539815850
APEXMalicious
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Deshacop.XO!tr
AVGFileRepMalware
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Lazy.79288?

Lazy.79288 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment