Zusy.315024 (file analysis)

Zusy.315024 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What Zusy.315024 virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Code injection with CreateRemoteThread in a remote process
  • Attempts to remove evidence of file being downloaded from the Internet
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

Related domains:

bestsuccess.ddns.net

How to determine Zusy.315024?

File Info:

crc32: 52394B61
md5: 09d2701774bb74673e35dcfe7661231e
name: upload_file
sha1: f8598752168cfc6b34fa8c7d306825e3d185b6de
sha256: 00c81ee60f577f38edc27e5c1532d4996e55a86f322e248e4e9f80f159c449b8
sha512: 9546ee991d252cf0a19508a0049d63ff187ae81a0c7a327996ecfb4879560e98e418e64acf75265621623b3b660f85ffb13490fccb475e38c5edb1daa5649977
ssdeep: 12288:i1eRRAfxCIUnyNOI/SN/HWQZUp7rpiEpIiQHkRT5:EiRO8nyNOI0u7G+INw
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Mozilla
InternalName: 7zS.sfx
FileVersion: 18.05
CompanyName: Mozilla
ProductName: Firefox
ProductVersion: 18.05
FileDescription: Firefox
OriginalFilename: 7zS.sfx.exe
Translation: 0x0409 0x04b0

Zusy.315024 also known as:

Bkav: W32.AIDetectVM.malware2
Elastic: malicious (high confidence)
DrWeb: BackDoor.SpyBotNET.25
MicroWorld-eScan: Gen:Variant.Zusy.315024
FireEye: Generic.mg.09d2701774bb7467
CAT-QuickHeal: Trojan.IGENERIC
Qihoo-360: Win32/Trojan.469
McAfee: Fareit-FZN!09D2701774BB
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Gen:Variant.Zusy.315024
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.774bb7
TrendMicro: TrojanSpy.Win32.FAREIT.UHBAZCLOA
BitDefenderTheta: AI:Packer.D345F73015
Cyren: W32/Injector.FWRE-5446
Symantec: Trojan.Gen.2
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Agent-9769492-0
Kaspersky: HEUR:Trojan.Win32.Kryptik.gen
Alibaba: Trojan:Win32/DelfInject.ali2000015
NANO-Antivirus: Trojan.Win32.Kryptik.hwpcrl
ViRobot: Trojan.Win32.Z.Ulise.702464
AegisLab: Trojan.Win32.Kryptik.4!c
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Kryptik.Iis
Ad-Aware: Gen:Variant.Zusy.315024
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Injector.sdkuq
Zillya: Trojan.Injector.Win32.773610
Invincea: Mal/Generic-S
McAfee-GW-Edition: BehavesLike.Win32.Generic.jh
Emsisoft: Gen:Variant.Zusy.315024 (B)
Ikarus: Trojan.Win32.IRCBot
Webroot: W32.Trojan.Gen
Avira: TR/Injector.sdkuq
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Kryptik
Microsoft: Trojan:Win32/Ymacco.AA00
Arcabit: Trojan.Zusy.D4CE90
ZoneAlarm: HEUR:Trojan.Win32.Kryptik.gen
GData: Gen:Variant.Zusy.315024
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Kryptik.R352378
VBA32: TScope.Trojan.Delf
ALYac: Gen:Variant.Zusy.315024
Malwarebytes: Trojan.MalPack.DLF
Zoner: Trojan.Win32.95177
ESET-NOD32: Win32/Agent.TJS
TrendMicro-HouseCall: TrojanSpy.Win32.FAREIT.UHBAZCLOA
Rising: Trojan.Generic@ML.100 (RDML:n9v9dnj389bp3J7Btcrs7Q)
Yandex: Trojan.Igent.bUxuEJ.17
SentinelOne: DFI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/GenKryptik.ETDN!tr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Zusy.315024?

Zusy.315024 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.