Categories: Malware

What is “Zusy.309437”?

Zusy.309437 is flagged as dangerous by many security vendors. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Zusy.309437 virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to identify installed AV products by installation directory
  • Creates a copy of itself
  • Collects information to fingerprint the system

Related domains:

redirector.gvt1.com
r4—sn-4g5e6nzz.gvt1.com

How to identify Zusy.309437?

File Info:

crc32: 99BE8CCF
md5: f7c56c27b11bb77d4bcd3113ee716326
name: 8610o9i8u.exe
sha1: 9a1a212d9469f970a2104acd64be43f4a5a4060a
sha256: 567224faff147b89da1c73c10ad185534e55ab80a1d65f3a34460911ce76cef3
sha512: f3233665b46ff106340217c8ff3df2a3500f2df40681c2dd0a40b769e963c17bde04c2809025fe94166fde16d40c4d9a1d66b42bcc509e3da57509ade06bf607
ssdeep: 12288:W6qx+GgJOpEheBWpJ0NjYZZRKFdCFqPryQ32E9i/4B:8QlmWpJGYZZ4FsFEpn
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2003
InternalName: IrdaMobile
FileVersion: 1, 0, 0, 1
ProductName: IrdaMobile Application
ProductVersion: 1, 0, 0, 1
FileDescription: IrdaMobile MFC Application
OriginalFilename: IrdaMobile.EXE
Translation: 0x0409 0x04b0

Zusy.309437 also known as:

MicroWorld-eScan Gen:Variant.Zusy.309437
FireEye Generic.mg.f7c56c27b11bb77d
McAfee GenericRXLK-NT!F7C56C27B11B
Malwarebytes Trojan.Injector
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 0056aa1a1 )
BitDefender Gen:Variant.Zusy.309437
K7GW Trojan ( 0056aa1a1 )
TrendMicro TROJ_GEN.R002C0DGJ20
F-Prot W32/Kryptik.BQI.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
GData Gen:Variant.Zusy.309437
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win32/Emotet.7b14deac
NANO-Antivirus Trojan.Win32.Dwn.hnydzy
AegisLab Trojan.Win32.Zusy.4!c
Tencent Malware.Win32.Gencirc.10cde088
Ad-Aware Gen:Variant.Zusy.309437
Sophos Mal/Generic-S
F-Secure Trojan.TR/AD.Ryuk.eqtqz
DrWeb Trojan.DownLoader33.64957
Zillya Downloader.Deyma.Win32.145
Trapmine malicious.high.ml.score
Emsisoft Gen:Variant.Zusy.309437 (B)
Ikarus Trojan.SuspectCRC
Cyren W32/Kryptik.BQI.gen!Eldorado
Webroot W32.Trojan.Gen
Avira TR/AD.Ryuk.eqtqz
Antiy-AVL Trojan[Downloader]/Win32.Deyma
Endgame malicious (high confidence)
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Emotet.DGB!MTB
AhnLab-V3 Malware/Win32.Generic.C4160581
ALYac Gen:Variant.Zusy.309437
MAX malware (ai score=81)
VBA32 BScope.Backdoor.Emotet
Cylance Unsafe
ESET-NOD32 a variant of Generik.JKFXMQ
TrendMicro-HouseCall TROJ_GEN.R002C0DGJ20
Rising Trojan.Kryptik!1.C80B (CLOUD)
Fortinet W32/Kryptik.HDKU!tr
BitDefenderTheta Gen:NN.ZexaE.34136.Sq1@aKgD!2xi
AVG Win32:Malware-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Generic/Trojan.721

How to remove Zusy.309437?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
