Lazy.95863 (file analysis)

Malware Removal

Lazy.95863 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Lazy.95863 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Azeri (Latin)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the shellcode get eip malware family
  • Creates a copy of itself
  • Deletes executed files from disk
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Lazy.95863?

File Info:

name: BE582DF05EEF0EEE61A7.mlw
path: /opt/CAPEv2/storage/binaries/67b89952fbaf8c685862fbf62d7522e249fd6dc48ea2230b3a61fe78828157de
crc32: 308AE2E9
md5: be582df05eef0eee61a7e752faf531dc
sha1: 140576e5c74ad75080604aeb8a11b11cd764208c
sha256: 67b89952fbaf8c685862fbf62d7522e249fd6dc48ea2230b3a61fe78828157de
sha512: b6f0f2a4b89104548bb00489aad8bd62246063ab1d51ba8f991205ebb355b6557853c50a3dc8475cdbaeb29f13390652891b893cbf63ce26559fbc95b9c1a01b
ssdeep: 12288:JMpsa6H6ZcJ5HHYdEzmJNsGkl1E9dSVg:Je25HHeiGNsd3kdj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D5842365C698B460F58D39B0545DB9B9471B782305E836F18C5FCFEA69FA0C38F53602
sha3_384: d9d31794163fad2436a6b9d91359222316ed9ad4b48bacc0c42619f8bdc0281bcd261dd013785e603f49b1925e4d5795
ep_bytes: 60be007041008dbe00a0feff5783cdff
timestamp: 2011-03-07 07:22:19

Version Info:

Translation: 0x0409 0x04b0
Comments: SMAC
CompanyName: KLC Consulting, Inc.
FileDescription: SMAC
LegalCopyright: (c) 2003-2005 KLC Consulting, Inc.
LegalTrademarks: SMAC
ProductName: SMAC
FileVersion: 2.00.0005
ProductVersion: 2.00.0005
InternalName: SMAC
OriginalFilename: SMAC.exe

Lazy.95863 also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (moderate confidence)
ClamAV: Win.Trojan.Agent-604143
Skyhigh: BehavesLike.Win32.Generic.fc
ALYac: Gen:Variant.Lazy.95863
Cylance: unsafe
Zillya: Trojan.VBKrypt.Win32.245532
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: NetWorm ( 700000151 )
Alibaba: Trojan:Win32/VBKrypt.98849546
K7GW: NetWorm ( 700000151 )
CrowdStrike: win/malicious_confidence_90% (W)
Arcabit: Trojan.Lazy.D17677
BitDefenderTheta: Gen:NN.ZevbaF.36744.ymKfaGfnqGoO
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Injector.FKU
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.VBKrypt.vblj
BitDefender: Gen:Variant.Lazy.95863
NANO-Antivirus: Trojan.Win32.Drop.eczpyv
MicroWorld-eScan: Gen:Variant.Lazy.95863
Avast: Win32:Malware-gen
Rising: Trojan.VBInject!1.6541 (CLOUD)
Emsisoft: Gen:Variant.Lazy.95863 (B)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.Inject.28225
VIPRE: Gen:Variant.Lazy.95863
TrendMicro: TROJ_VBKRYP.SMIG
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.be582df05eef0eee
Sophos: Mal/VBCheMan-C
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.VBKrypt.amka
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/Dropper.Gen
MAX: malware (ai score=94)
Antiy-AVL: Trojan/Win32.AGeneric
Kingsoft: Win32.Trojan.Generic.a
Xcitium: Backdoor.Win32.Poison.eu@4l6ea7
Microsoft: VirTool:Win32/VBInject.gen!DM
ZoneAlarm: Trojan.Win32.VBKrypt.vblj
GData: Gen:Variant.Lazy.95863
Varist: W32/VBcrypt.T.gen!Eldorado
McAfee: Artemis!BE582DF05EEF
VBA32: BScope.Trojan.Jorik
Panda: Generic Malware
TrendMicro-HouseCall: TROJ_VBKRYP.SMIG
Yandex: Trojan.GenAsa!jDVHMdq2r3o
Ikarus: Trojan.Win32.VBKrypt
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/Refroso.DZP!tr
AVG: Win32:Malware-gen
Cybereason: malicious.5c74ad
DeepInstinct: MALICIOUS

How to remove Lazy.95863?

Lazy.95863 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.