About “Zusy.322561” infection

Zusy.322561 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.322561 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Creates a copy of itself

How to identify Zusy.322561?

File Info:

name: 90BABAAF87BB1E69247A.mlw
path: /opt/CAPEv2/storage/binaries/e0ed44a4baf0e8124fd84ada7046c79ab9d6a8b97946e869ac1dd70f15b9dac3
crc32: EEEC1E52
md5: 90babaaf87bb1e69247a002acd0351fa
sha1: c0c7dfaa915169b175f221a018ad2e46052cfa9f
sha256: e0ed44a4baf0e8124fd84ada7046c79ab9d6a8b97946e869ac1dd70f15b9dac3
sha512: 7d4c7f9223e9426261959046f5b3907cc4a6cebcf9cb048e8bac95eb7d9f88fa2b7f17227b93fe404f68d2db1ed35a44df6b4b0ba04b0361efb760923ba0d61d
ssdeep: 24576:f3Uts4upO88ZMTCIfOQai4dA/j+PyKogMLwSOhke41O+DxAmos:cKsh16jyqwZJgCm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13B45D023B6140141E1B99C3A501BBE4175F25F568B0E6CFBD6BB9EE124902D1BE3F983
sha3_384: ccc98c2e18fc9b964aa16b899e4bbb778b0a2d680a56eb92a1541b7fa5238fc92782f5335a1324451241f51861cfc738
ep_bytes: 558bec6aff683004470068d0a3460064
timestamp: 2020-10-19 22:36:44

Version Info:

CompanyName: NCT Company Ltd.
FileDescription: NCTAudioRecord2 ActiveX EXE
FileVersion: 2,5,1,130
InternalName: NCTAudioRecord2 ActiveX EXE
LegalCopyright: NCT Company Ltd. Copyright 1999 - 2003
LegalTrademarks: NCT Company Ltd.
OriginalFilename: NCTAudioRecord2.EXE
ProductName: NCTAudioRecord2 ActiveX EXE
ProductVersion: 2,5,1,130
Translation: 0x0409 0x04b0

Zusy.322561 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Staser.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.322561
FireEye: Generic.mg.90babaaf87bb1e69
ALYac: Gen:Variant.Zusy.322561
Malwarebytes: Adware.DownloadAssistant
K7AntiVirus: Trojan ( 00588d9e1 )
Alibaba: Trojan:Win32/Staser.1e997cbe
K7GW: Trojan ( 00588d9e1 )
CrowdStrike: win/malicious_confidence_90% (W)
Cyren: W32/ICLoader.CK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HHUB
APEX: Malicious
ClamAV: Win.Packed.Adrozek-9811562-0
Kaspersky: HEUR:Trojan.Win32.Staser.gen
BitDefender: Gen:Variant.Zusy.322561
SUPERAntiSpyware: Trojan.Agent/Generic
Tencent: Win32.Trojan.Staser.Hssg
Ad-Aware: Gen:Variant.Zusy.322561
Sophos: ML/PE-A + Troj/Agent-BEQV
Comodo: Malware@#npsb4fzdcv8h
DrWeb: Trojan.Siggen9.22670
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
Emsisoft: Gen:Variant.Zusy.322561 (B)
Ikarus: Trojan.Win32.Crypt
GData: Gen:Variant.Zusy.322561
Avira: HEUR/AGEN.1138971
Antiy-AVL: Trojan/Win32.Kryptik
Arcabit: Trojan.Zusy.D4EC01
Microsoft: BrowserModifier:Win32/Adrozek
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Ekstak.R353799
Acronis: suspicious
McAfee: GenericRXMI-RY!90BABAAF87BB
MAX: malware (ai score=84)
VBA32: BScope.Trojan.Staser
Rising: Trojan.Kryptik!1.AA23 (CLOUD)
Yandex: Trojan.Staser!BLqS7SpJNSY
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_97%
Fortinet: W32/CoinMiner.GYQC!tr
BitDefenderTheta: Gen:NN.ZexaCO.34182.iv0@auZajkfj
Cybereason: malicious.f87bb1
Panda: Trj/Genetic.gen

How to remove Zusy.322561?

Zusy.322561 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.