Malware

Zusy.258520 information

Malware Removal

The Zusy.258520 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Zusy.258520 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Starts servers listening on 0.0.0.0:33258, :0, 127.0.0.1:10000
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Detects the presence of Wine emulator via registry key
  • Attempts to modify browser security settings
  • Anomalous binary characteristics

How to determine Zusy.258520?



File Info:

name: 7D41C674C3065D91315E.mlw
path: /opt/CAPEv2/storage/binaries/67ecbb6987b7f9f632449b370c8931c99635126ab0441270c629f5e15b26d7ae
crc32: E2A5F94C
md5: 7d41c674c3065d91315ed11b87ced48a
sha1: 0b044a40850e753842652b265f78cf937c95912c
sha256: 67ecbb6987b7f9f632449b370c8931c99635126ab0441270c629f5e15b26d7ae
sha512: 9c5cff315ef89298c37e990169febec28bdf1d2697ed215df7e566c3baa05e36f5dbf1e7917fcb902faacf9f49bbcce0bec225d5c6d1e91c9ee95d0ae3cce0f6
ssdeep: 24576:vl+TJIKDV5HeqYh0U0lDw/xGokgZcmYzQ4ktx/XUP6NHZYyuhI1RdRrloOsY8:vlYJRbHe161onYzq7/Xq6NHWysIbZoY8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B585E10D5E0FE101E28D043BC45149B80641DC699BF0E7D36B59FA7EF9B52E3AA3C896
sha3_384: 5acc8a16f6792efd864c7dfeca00f63993753b4533acc878b42bf8d4e73dde276c26a67073837ecf863ebfcaed89f6d7
ep_bytes: 558bec83c4f0b800104000e801000000
timestamp: 2012-03-08 22:37:52


Version Info:

CompanyName: www.sb-innovation.de
FileDescription: µTorrent
FileVersion: 3.1.3.26837
InternalName: uTorrent.exe
OriginalFilename: uTorrent.exe
LegalCopyright: ©2012 BitTorrent, Inc. All Rights Reserved.
ProductName: µTorrent
ProductVersion: 3.1.3.26837
Translation: 0x0409 0x04e4

Zusy.258520 also known as:

LionicTrojan.Multi.Generic.4!c
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Zusy.258520
FireEyeGeneric.mg.7d41c674c3065d91
ALYacGen:Variant.Zusy.258520
CylanceUnsafe
K7AntiVirusTrojan ( 004b8ba01 )
K7GWTrojan ( 004b8ba01 )
BitDefenderThetaGen:NN.ZexaF.34294.RH1@aCQ95sjO
SymantecTrojan.Gen
ESET-NOD32a variant of Win32/Toolbar.Conduit.AY potentially unwanted
Paloaltogeneric.ml
KasperskyUDS:DangerousObject.Multi.Generic
BitDefenderGen:Variant.Zusy.258520
AvastWin32:Malware-gen
Ad-AwareGen:Variant.Zusy.258520
SophosGeneric ML PUA (PUA)
ComodoMalware@#3p4eil1jrmln6
VIPRETrojan.Win32.Packer.EnigmaProtector1.1X-1.3X (ep)
McAfee-GW-EditionBehavesLike.Win32.Dropper.tc
EmsisoftGen:Variant.Zusy.258520 (B)
GDataGen:Variant.Zusy.258520
WebrootW32.Malware.Gen
AviraHEUR/AGEN.1128068
Antiy-AVLTrojan/Generic.ASBOL.C669
MicrosoftTrojan:Win32/Occamy.AA
CynetMalicious (score: 100)
McAfeeArtemis!7D41C674C306
MAXmalware (ai score=86)
VBA32TrojanPSW.Banker
MalwarebytesMalware.AI.2260231715
APEXMalicious
YandexTrojan.GenAsa!rTnVu+mfujg
SentinelOneStatic AI – Suspicious PE
eGambitUnsafe.AI_Score_100%
AVGWin32:Malware-gen
Cybereasonmalicious.4c3065
PandaTrj/Genetic.gen
MaxSecureTrojan.Malware.300983.susgen

How to remove Zusy.258520?

Zusy.258520 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment