Win32/LeZhuoSoftware.A potentially unwanted removal

The Win32/LeZhuoSoftware.A potentially unwanted detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/LeZhuoSoftware.A potentially unwanted virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/LeZhuoSoftware.A potentially unwanted?

File Info:

name: B25F1D13F653E3B2C9D0.mlw
path: /opt/CAPEv2/storage/binaries/09f40df734a6a15351e496cc29533f704d3934ef71c93b1f450595932374f67a
crc32: EB464010
md5: b25f1d13f653e3b2c9d0ec031c1a98f9
sha1: 6346b0eda3fd8205e725c34554fd7a2c59660dfc
sha256: 09f40df734a6a15351e496cc29533f704d3934ef71c93b1f450595932374f67a
sha512: 850a8fbcfb6e70fcd95e0d756c1d483c129a516515ff55d4198714cf9cc6da37066d32998cf473b2dac354d5d15a2ff35d5647d2b9148ad6d3cf76e90bd21311
ssdeep: 393216:ehm4c4NxF8AUqovEq6CrmRljTYsRpo3/Vp:ek6F8AUqo7FrmDTYYq3N
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D5D633F1E92C896CD81E563EF07659744F7399084474F12E930EAA1DBB2BED0E60A31D
sha3_384: 150ae21f14d37c7c4020ee0aa6f1c7d075010c5fd15fa76dc2fbbbda37b92f85c02c456ae8f306b0d3103a4a14b81730
ep_bytes: 60be00f004018dbe00203bff5783cdff
timestamp: 2014-04-10 09:49:30

Version Info:

CompanyName: 深圳市驱动人生软件技术有限公司
FileDescription: 驱动人生6安装程序
FileVersion: 6.0.11.74
InternalName: DTLInstaller
LegalCopyright: Copyright (c) 2013 深圳市驱动人生软件技术有限公司。保留所有权利。
OriginalFilename: DTLInstaller.exe
ProductName: 驱动人生6
ProductVersion: 6.0.11.74
Translation: 0x0804 0x04b0

Win32/LeZhuoSoftware.A potentially unwanted also known as:

Bkav: W32.Common.B7B5A850
DrWeb: Trojan.DownLoader15.48038
Skyhigh: Artemis
McAfee: Artemis!B25F1D13F653
Cylance: unsafe
CrowdStrike: win/grayware_confidence_60% (W)
ESET-NOD32: a variant of Win32/LeZhuoSoftware.A potentially unwanted
NANO-Antivirus: Trojan.Win32.Xyligan.ekcccb
Avast: Win32:Malware-gen
VBA32: Trojan.Downloader
Yandex: Trojan.GenAsa!ggghyz/6R8w
Fortinet: W32/Generic.AC.34875B!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Win32/LeZhuoSoftware.A potentially unwanted?

Win32/LeZhuoSoftware.A potentially unwanted removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.