Categories: Malware

Lazy.98814 removal instruction

The Lazy.98814 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Lazy.98814 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Creates RWX memory
Guard pages use detected – possible anti-debugging.
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
.NET file is packed/obfuscated with SmartAssembly
Authenticode signature is invalid
Anomalous .NET characteristics
Collects and encrypts information about the computer likely to send to C2 server
Installs itself for autorun at Windows startup
Anomalous binary characteristics

How to determine Lazy.98814?


File Info:
name: 8E7062D28FA2896C5740.mlwpath: /opt/CAPEv2/storage/binaries/b586bb071752fae8bb82ba097b7da605d75ab83b344886370ad7b5b5cf3c1e6acrc32: 7147F1B8md5: 8e7062d28fa2896c574049157aa939ecsha1: c2a0fd33d133fc15b86252a26af3f629c0c555d5sha256: b586bb071752fae8bb82ba097b7da605d75ab83b344886370ad7b5b5cf3c1e6asha512: 9a327749e74d027623c9a4bfec14c586955cadfe32b8005acbb9cdc7255837b546453a0775eb76227c5c353e96733ce56c949a36530a60869ae31f281b9f3da8ssdeep: 3072:G8o3Kz61dPNv7DWGXsay1OIvwcFrBYXNJB8bEV58M47gLXDIEBfztpPGr32+acC8:So2NzDyay1OIvwaOcbEVKzcBfbW2hcCtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T14644F12C5B8D5F53D4EE09BBD4D262708790C866EBCAE34F8A8416F82D183DB54D21CBsha3_384: a621dbb689760b940fc4553810a65ad4867c40a49e1e9f615a243a4ef96379e3548042c89a2e45035386b3565aa0678dep_bytes: ff250020400000000000000000000000timestamp: 2022-01-15 14:51:08
Version Info:
Translation: 0x040c 0x04e4FileDescription: ToYconFileVersion: 0.8.0.0InternalName: ToYconLegalCopyright: © Lefreut 2006-2009OriginalFilename: 222.exeProductVersion: 0.0.0.0Assembly Version: 0.0.0.0Author: Lefreut

Lazy.98814 also known as:

MicroWorld-eScan	Gen:Variant.Lazy.98814
FireEye	Generic.mg.8e7062d28fa2896c
ALYac	Gen:Variant.Lazy.98814
Malwarebytes	Backdoor.Agent.PGen
K7AntiVirus	Trojan ( 0056f0581 )
BitDefender	Gen:Variant.Lazy.98814
K7GW	Trojan ( 0056f0581 )
Cybereason	malicious.28fa28
BitDefenderTheta	Gen:NN.ZemsilF.34182.qm0@aiAXXMpe
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Injector.BFD
APEX	Malicious
Kaspersky	HEUR:Backdoor.MSIL.Agent.gen
Tencent	Malware.Win32.Gencirc.10d00152
DrWeb	Trojan.MulDrop19.25636
TrendMicro	TROJ_GEN.R014C0WAI22
Sophos	ML/PE-A
Ikarus	Trojan.MSIL.Injector
Jiangmin	Backdoor.MSIL.fkgx
Avira	HEUR/AGEN.1125873
MAX	malware (ai score=88)
Antiy-AVL	Trojan/MSIL.Injector
ZoneAlarm	HEUR:Backdoor.MSIL.Agent.gen
GData	Gen:Variant.Lazy.98814
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Skeeyah.C4917920
VBA32	TScope.Trojan.MSIL
TrendMicro-HouseCall	TROJ_GEN.R014C0WAI22
Yandex	Trojan.Injector!4Zkgyy9ynoQ
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/BFD!tr
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (D)