Zusy.323651 malicious file

Malware Removal

Zusy.323651 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.323651 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debugging)
  • Guard page use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in the PCAP
  • An HTTP/S link was seen in a script or command line
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • RegSvr32 loaded a DLL related to the squiblydoo application control bypass technique
  • Attempts to bypass application controls using the squiblydoo technique
  • Harvests cookies for information gathering
  • Created network traffic indicative of malicious activity
  • Suspicious wmic.exe use was detected

Related domains:

wpad.local-net
down.cacheoffer.tk

How to identify Zusy.323651?

File Info:

name: F5A747E3EAD7102CAAA2.mlw
path: /opt/CAPEv2/storage/binaries/c2d009c47ea3aa4eef2791bec014f521d269d51a30b6644e93c133012ac8a244
crc32: BC3D7F4F
md5: f5a747e3ead7102caaa23ee272d593d9
sha1: 3201ac2c20aae886af461ec8604182063883670e
sha256: c2d009c47ea3aa4eef2791bec014f521d269d51a30b6644e93c133012ac8a244
sha512: 541c04ec37f3fec7bb67cc3f3952086b6f6a8847f7a376c958b4c24ef1b2974303475cade54f61461a8d2471afbb491688769a31ea1f5623e6fd60df2e2c5973
ssdeep: 24:etGSIfDhyazgFChZmSW/k+hYhNCNPaZ88ZtSS:6KcQhZDWM+hYh8da1+
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T166511ECB722225F2F12893BD0683DD45E5AD233803D257640F41A4C9D448C1B743AFCB
sha3_384: 4be9d2209e185b60c4b66d1d6d9798327dfe7d2471a82f604ba1a6b5241a970eb24eb260f904b6bba2dca5748f221af2
ep_bytes: 558bec6a006800304000ff1500204000
timestamp: 2018-04-22 20:49:58

Version Info:

0: [No Data]

Zusy.323651 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.323651
FireEye: Generic.mg.f5a747e3ead7102c
ALYac: Gen:Variant.Zusy.323651
Cylance: Unsafe
Zillya: Downloader.Agent.Win64.409
Sangfor: Trojan.Win32.APosT.dcc
K7AntiVirus: Trojan-Downloader ( 0052f8ef1 )
Alibaba: TrojanDownloader:Win32/JbossMiner.4aa44cdf
K7GW: Trojan-Downloader ( 0052f8ef1 )
Cybereason: malicious.3ead71
Cyren: W32/S-ee3b31b2!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win64/TrojanDownloader.Agent.CB
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.323651
NANO-Antivirus: Trojan.Win32.APosT.fasoad
ViRobot: Trojan.Win32.Z.Cerbu.3072.D
Avast: Win32:JbossMiner-C [Trj]
Tencent: Win64.Trojan-downloader.Agent.Edxf
Ad-Aware: Gen:Variant.Zusy.323651
TACHYON: Trojan/W32.APosT.3072.B
Comodo: Malware@#3sjhlcc94n570
DrWeb: Trojan.DownLoader26.42915
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0PH321
McAfee-GW-Edition: GenericRXFD-SR!F5A747E3EAD7
Emsisoft: Gen:Variant.Zusy.323651 (B)
GData: Gen:Variant.Zusy.323651
Jiangmin: Trojan.APosT.dc
Avira: HEUR/AGEN.1115131
Antiy-AVL: Trojan/Generic.ASMalwS.25E651B
Arcabit: Trojan.Zusy.D4F043
Microsoft: Trojan:Win32/Skeeyah.A!rfn
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win32.Generic.C2479368
McAfee: GenericRXFD-SR!F5A747E3EAD7
MAX: malware (ai score=94)
VBA32: Trojan.Downloader
TrendMicro-HouseCall: TROJ_GEN.R002C0PH321
Yandex: Trojan.APosT!Z91N/1zgjZ8
Ikarus: Trojan-Downloader.Win64.Agent
Fortinet: W32/Agent.CB!tr.dldr
BitDefenderTheta: Gen:NN.ZexaF.34294.aqW@au5N5nf
AVG: Win32:JbossMiner-C [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Zusy.323651?

Zusy.323651 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.