About “Zusy.227549” infection

Zusy.227549 is flagged as malicious by most security vendors (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list; in that case it is advised to scan your computer with GridinSoft Anti-Malware. Note that the vendor detections identify this sample as file-encrypting ransomware (SageCrypt): a scan removes the executable, but it does not decrypt files the malware has already encrypted.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can run a full scan and clean your PC during the trial period. A 6-day free trial is available.

What can Zusy.227549 do?

The following behaviours were recorded when the sample was run in an automated analysis sandbox:
  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Creates an excessive number of UDP connection attempts to external IP addresses
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • EternalBlue behavior
  • Creates a copy of itself
  • Generates some ICMP traffic
  • Collects information to fingerprint the system

Related domains:

z.whorecord.xyz
a.tomx.xyz
mbfce24rgn65bx3g.2kzm0f.com
mbfce24rgn65bx3g.6t4u2p.net
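The related domains above are the most useful network indicator on this page, so here is an added example (not code from the original page or from GridinSoft) that matches DNS query logs against them. The log format, the client addresses and the log lines themselves are constructed for the example. One heuristic is an assumption rather than something the page states: the same 16-character label "mbfce24rgn65bx3g" appears under two different zones in the list, so the example also flags that label when it shows up under any other zone.

```python
"""Match DNS query logs against the related domains listed for this sample."""
import re
from typing import List, Optional, Tuple

# Related domains taken from the page's own indicator list.
RELATED_DOMAINS = {
    "z.whorecord.xyz",
    "a.tomx.xyz",
    "mbfce24rgn65bx3g.2kzm0f.com",
    "mbfce24rgn65bx3g.6t4u2p.net",
}

# Assumption (heuristic, not from the page): the label "mbfce24rgn65bx3g"
# appears under two different zones above, so a lookup of that label under
# any other zone is treated as suspicious as well.
SUSPICIOUS_LABELS = {"mbfce24rgn65bx3g"}

# Constructed sample log lines in a simple
# "<timestamp> <client-ip> <query-type> <name>" format; they are made up for
# this example and are not real telemetry.
SAMPLE_LOG = """\
2017-02-14T09:12:01Z 10.0.0.15 A www.example.com
2017-02-14T09:12:07Z 10.0.0.15 A z.whorecord.xyz
2017-02-14T09:12:08Z 10.0.0.15 A mbfce24rgn65bx3g.2kzm0f.com.
2017-02-14T09:12:09Z 10.0.0.15 AAAA mbfce24rgn65bx3g.9q1x7r.org
2017-02-14T09:12:10Z 10.0.0.22 A tomx.xyz
2017-02-14T09:12:11Z 10.0.0.22 A cdn.a.tomx.xyz
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>\S+)\s+(?P<name>\S+)$"
)


def normalise(name: str) -> str:
    """Lower-case the name and strip the trailing dot a resolver may log for an FQDN."""
    return name.lower().rstrip(".")


def classify(name: str) -> Optional[str]:
    """Return a reason string if the queried name is an indicator, else None.

    A query matches if it equals a related domain or is a subdomain of one
    (cdn.a.tomx.xyz matches a.tomx.xyz). A query for only the parent zone
    (tomx.xyz) does not match, because the page lists hosts, not zones.
    """
    n = normalise(name)
    for ioc in RELATED_DOMAINS:
        if n == ioc or n.endswith("." + ioc):
            return f"matches related domain {ioc}"
    first_label = n.split(".", 1)[0]
    if first_label in SUSPICIOUS_LABELS:
        return f"host label {first_label} seen under a new zone"
    return None


def scan_log(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client, normalised name, reason) for every matching line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:  # skip blank or malformed lines rather than abort a triage run
            continue
        reason = classify(m["name"])
        if reason:
            hits.append((m["ts"], m["client"], normalise(m["name"]), reason))
    return hits


if __name__ == "__main__":
    for ts, client, name, reason in scan_log(SAMPLE_LOG):
        print(f"{ts} {client} {name}: {reason}")
```

Subdomain matching is done with a dot-prefixed suffix test so that a lookalike such as `notz.whorecord.xyz` would only match through its parent zone, not by accident; the trailing-dot strip matters because many resolvers log fully qualified names with the root dot.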

How to identify Zusy.227549?

File Info:

crc32: F9CC9DF2
md5: 5ccfd016ff0d53b0ef6622d2f1a14c92
name: 5CCFD016FF0D53B0EF6622D2F1A14C92.mlw
sha1: 05260d63a404b4ff41b5f338d327a8f979e8b960
sha256: 6c004fcb28460d2452ec7216511743502223a92d0f190a71a7d740b748760f77
sha512: 551f7f146bee385456d78dcdcefb23af5a6f81d01225c1ae1bbf1d38617c749339a8183c0e2c06264c3cbfc1011f246542400d39fdfae2c97ed26cc84390c902
ssdeep: 6144:QF9ZexPuKRq+ciszxe5XN9GXqaJP3ST8Z2v26WHurBVkIWRC+rfIJuqx3S:WaxPuKRlciyoNNwXqax3ST86WHurPrE
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info (the resource strings embedded in the binary; fields such as CompanyName and ProductName are written by whoever built the file and prove nothing about its origin):

LegalCopyright: Copyright © 2016 All rights reserved.
InternalName: Pet Remains
FileVersion: 6.9.52.6
CompanyName: Pinterest
PrivateBuild: 6.9.52.6
LegalTrademarks: Copyright © 2016 All rights reserved.
ProductName: Pet Remains
ProductVersion: 6.9.52.6
FileDescription: Neper Export Harmony Guys
OriginalFilename: Pet Remains.exe
Translation: 0x0409 0x04b0
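To confirm that a suspicious file is this exact sample, compare its digests with the File Info block above. The following is an added example (not code from the page or from GridinSoft) that computes the same five digests in the page's formatting, reports which of them match the published values, and applies a cheap PE header check corresponding to the "PE32 executable" type line. The `CONSTRUCTED_PE` bytes are a minimal stand-in header built for the example and are not the malware.

```python
"""Fingerprint a file and compare it against the hashes published for this sample."""
import hashlib
import zlib
from pathlib import Path
from typing import Dict, List, Union

# Hashes copied from the page's File Info block.
KNOWN_SAMPLE: Dict[str, str] = {
    "crc32": "F9CC9DF2",
    "md5": "5ccfd016ff0d53b0ef6622d2f1a14c92",
    "sha1": "05260d63a404b4ff41b5f338d327a8f979e8b960",
    "sha256": "6c004fcb28460d2452ec7216511743502223a92d0f190a71a7d740b748760f77",
    "sha512": "551f7f146bee385456d78dcdcefb23af5a6f81d01225c1ae1bbf1d38617c7493"
              "39a8183c0e2c06264c3cbfc1011f246542400d39fdfae2c97ed26cc84390c902",
}


def fingerprint(data: bytes) -> Dict[str, str]:
    """Compute the five digests the page lists, formatted as the page prints them.

    crc32 is 8 upper-case hex digits (zlib.crc32 returns an int); the
    cryptographic digests are lower-case hex.
    """
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def fingerprint_file(path: Union[str, Path], chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all five digests without loading it into memory."""
    crc = 0
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            for h in hashers.values():
                h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["crc32"] = f"{crc & 0xFFFFFFFF:08X}"
    return result


def matching_digests(fp: Dict[str, str], known: Dict[str, str] = KNOWN_SAMPLE) -> List[str]:
    """Names of the digests in `fp` that equal the known sample's (case-insensitive)."""
    return sorted(name for name, value in known.items()
                  if name in fp and fp[name].lower() == value.lower())


def is_pe(data: bytes) -> bool:
    """Header check behind the page's "PE32 executable" type line: a DOS 'MZ' stub
    whose e_lfanew field (bytes 0x3C..0x40) points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


# Constructed stand-in: a minimal MZ header whose e_lfanew points at a PE
# signature at offset 0x40. It is not the malware; it only exercises the checks.
CONSTRUCTED_PE = (
    b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0" + b"\0" * 20
)


if __name__ == "__main__":
    import sys
    fp = fingerprint_file(sys.argv[1]) if len(sys.argv) > 1 else fingerprint(CONSTRUCTED_PE)
    hits = matching_digests(fp)
    print("sha256:", fp["sha256"])
    print("PE header:", is_pe(CONSTRUCTED_PE) if len(sys.argv) < 2 else "see file")
    print("matches known sample on:", ", ".join(hits) if hits else "nothing")
```

Run it as `python fingerprint.py suspicious.exe`; a sha256 match alone is conclusive, while an md5-only or crc32-only match should be treated as a lead to confirm with the stronger digests. Hashes of course only catch this exact build, so the related domains and the behaviours listed above remain the broader detection surface.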

Zusy.227549 also known as:

"Zusy" is a generic family name from the BitDefender engine (Gen:Variant.Zusy.227549, shared by ALYac, MicroWorld-eScan, Ad-Aware, Emsisoft and GData), not a description of what the sample does. The more specific vendor names below (SageCrypt, Filecoder, Encoder, Milicry, RANSOM_CRYPNHQ) identify it as SageCrypt ransomware.

K7AntiVirus: Trojan ( 004f76a01 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.10433
ClamAV: Win.Ransomware.Sagecrypt-6287183-0
CAT-QuickHeal: Trojan.Generic.S616235
ALYac: Gen:Variant.Zusy.227549
Cylance: Unsafe
Zillya: Trojan.SageCrypt.Win32.53
CrowdStrike: win/malicious_confidence_80% (D)
Alibaba: Ransom:Win32/Milicry.12e5b6ea
K7GW: Trojan ( 004f76a01 )
Cybereason: malicious.6ff0d5
Cyren: W32/Trojan.UWWL-3261
Symantec: Trojan Horse
ESET-NOD32: Win32/Filecoder.NHQ
APEX: Malicious
Avast: Win32:Malware-gen
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.227549
NANO-Antivirus: Trojan.Win32.SageCrypt.emjrlq
MicroWorld-eScan: Gen:Variant.Zusy.227549
Tencent: Malware.Win32.Gencirc.10bba8fc
Ad-Aware: Gen:Variant.Zusy.227549
Sophos: Mal/Generic-S
BitDefenderTheta: Gen:NN.ZexaF.34142.xu1@aWFIz6hi
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: RANSOM_CRYPNHQ_GC16006E.UVPM
McAfee-GW-Edition: GenericRXBD-AM!5CCFD016FF0D
FireEye: Generic.mg.5ccfd016ff0d53b0
Emsisoft: Gen:Variant.Zusy.227549 (B)
SentinelOne: Static AI – Suspicious PE
Webroot: W32.Ransom.Gen
Avira: HEUR/AGEN.1115740
Antiy-AVL: Trojan/Generic.ASMalwS.1EF1820
Microsoft: Ransom:Win32/Milicry.A
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Zusy.227549
TACHYON: Ransom/W32.SageCrypt.382976
AhnLab-V3: Trojan/Win32.SageCrypt.R196654
McAfee: GenericRXBD-AM!5CCFD016FF0D
MAX: malware (ai score=86)
VBA32: BScope.Backdoor.Androm
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: RANSOM_CRYPNHQ_GC16006E.UVPM
Rising: Trojan.Generic@ML.98 (RDML:AiCruR7vFMKNiGzB+COykw)
Yandex: Trojan.GenAsa!o/Ze96NGBcE
Ikarus: Trojan-Spy.Remcos
Fortinet: W32/Filecoder.NHQ!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Zusy.227549?

Zusy.227549 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.