Should I remove “Zusy.159328”?

Zusy.159328 is considered dangerous by many security experts. When this infection is active, you may notice unknown processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.159328 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Starts servers listening on 127.0.0.1:0
  • CAPE extracted potentially suspicious content
  • .NET file is packed/obfuscated with Confuser
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Sniffs keystrokes
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients

Related domains:

samusxxx.hopto.org

How to identify Zusy.159328?

File Info:

name: 868391C7EA8D060D007A.mlw
path: /opt/CAPEv2/storage/binaries/f5297c0eedd893f4c068b2725fbf089245aa73f03739d4dbe687aea88c7a1f2d
crc32: 53637266
md5: 868391c7ea8d060d007a462394a4da2f
sha1: 416baeec1213bc776492bfed4957c51ab61cb9b9
sha256: f5297c0eedd893f4c068b2725fbf089245aa73f03739d4dbe687aea88c7a1f2d
sha512: 897e6cd718c2937ad4dedee8eb7043936cb3e54c641ec5998cf4ffedaa7e501d3a342dd8f88c6e248bbe72d4f7e00d3dfc6d118f4b7bdf4f2ad9bd79a09e8dd0
ssdeep: 3072:zWBMyk9Zb9ZpbdsuBk+CFSrkbqy2meD4l6tiFZBEN3OI:KiVb9HdxS+6S2nZ8t0BRI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F6E3F14AFB8B5E17C618477B64A25A3C40317D160611F3777EDD2F9B0EB67C82A0B682
sha3_384: 6a2b083fc237ac1ea8f65027147622fd842d75c9eceffbbdec328a34b199340b11259bacc149c019c0fc7ab2d96c8e9f
ep_bytes: ff250020400000000000000000000000
timestamp: 2019-07-01 15:59:38

Version Info:

Translation: 0x0000 0x04b0
FileDescription: Server
FileVersion: 1.0.0.0
InternalName: Stub.exe
LegalCopyright: Copyright © 2012
OriginalFilename: Stub.exe
ProductName: Server
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Zusy.159328 also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader29.26792
MicroWorld-eScan: Gen:Variant.Zusy.159328
FireEye: Generic.mg.868391c7ea8d060d
McAfee: Artemis!868391C7EA8D
Cylance: Unsafe
Zillya: Trojan.Generic.Win32.879519
Sangfor: Trojan.Win32.Generic.ky
Alibaba: Packed:MSIL/Confuser.d103b2bc
Cybereason: malicious.7ea8d0
BitDefenderTheta: Gen:NN.ZemsilF.34294.jm0@aCHna7
Cyren: W32/MSIL_Troj.IC.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Packed.Confuser.P suspicious
TrendMicro-HouseCall: BKDR_HPBLADABI.SM2
Paloalto: generic.ml
ClamAV: Win.Packed.Hpbladabi-6860330-0
Kaspersky: UDS:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.159328
NANO-Antivirus: Trojan.Win32.Confuser.fssmso
SUPERAntiSpyware: Trojan.Agent/Gen-Zusy
Avast: Win32:Malware-gen
Tencent: Msil.Worm.Bladabindi.Eawx
Ad-Aware: Gen:Variant.Zusy.159328
Sophos: Mal/Generic-S
Comodo: Malware@#3g0075p8qa2wb
TrendMicro: BKDR_HPBLADABI.SM2
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Gen:Variant.Zusy.159328 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Zusy.159328
Avira: TR/Dropper.Gen
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASBOL.38BB
Arcabit: Trojan.Zusy.D26E60
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Zusy.159328
VBA32: TScope.Trojan.MSIL
Malwarebytes: Trojan.Agent.MSIL
APEX: Malicious
Ikarus: Trojan.MSIL.Injector
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Injecto.58E1!tr
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Zusy.159328?

Zusy.159328 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.