Categories: Malware

Zusy.324800 (file analysis)

The Zusy.324800 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Zusy.324800 virus can do?

Executable code extraction
Creates RWX memory
Expresses interest in specific running processes
Reads data out of its own binary image
Unconventionial language used in binary resources: Korean
The binary likely contains encrypted or compressed data.
Detects Sandboxie through the presence of a library
Checks for the presence of known windows from debuggers and forensic tools
Attempts to repeatedly call a single API many times in order to delay analysis time
The following process appear to have been packed with Themida: A77D81C4304162D01315CD01B152FE21.mlw
Creates a hidden or system file
Network activity detected but not expressed in API logs
Checks for the presence of known devices from debuggers and forensic tools
Detects the presence of Wine emulator via registry key
Checks the version of Bios, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Zusy.324800?


File Info:
crc32: 5EE6F2D6md5: a77d81c4304162d01315cd01b152fe21name: A77D81C4304162D01315CD01B152FE21.mlwsha1: 8f302ec031fc437d7f702344355b0422c9fb3cfasha256: 1a37fa1e713f66bdbd852d937eea87b9e54ac9b1af1eabbed8b546dcf21f5957sha512: 800a7581fdbc9c355e19439da8ebb32209178feb61bb58e009241ff044e288981cc26e4adfc571d5bea9296ea04a3c87d3af903a36edc82b0155618fe8e8a571ssdeep: 49152:oY1qr2R4yLE86sgMWzyFNkQiLf3P7HwBLV9B2VxrDEdGGBCPofMx6IdUESuhg/P1:BE17PsgMWOFmRLfP7HwBLYVxrxTM+UMktype: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Version Info:
LegalCopyright: Copyright (C) 2001InternalName: EbenezerFileVersion: 1, 0, 0, 1CompanyName: LegalTrademarks: ProductName: Ebenezer xc751xc6a9 xd504xb85cxadf8xb7a8ProductVersion: 1, 0, 0, 1FileDescription: Ebenezer MFC xc751xc6a9 xd504xb85cxadf8xb7a8OriginalFilename: Ebenezer.EXETranslation: 0x0412 0x04b0

Zusy.324800 also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Riskware ( 005534111 )
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoad3.10780
Cynet	Malicious (score: 99)
ALYac	Gen:Variant.Zusy.324800
Cylance	Unsafe
Zillya	Trojan.TDSS.Win32.45393
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_80% (D)
K7GW	Riskware ( 005534111 )
Cybereason	malicious.430416
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
Avast	Win32:Malware-gen
BitDefender	Gen:Variant.Zusy.324800
NANO-Antivirus	Trojan.Win32.DownLoad3.fdsqqi
MicroWorld-eScan	Gen:Variant.Zusy.324800
Tencent	Malware.Win32.Gencirc.10b4ac65
Ad-Aware	Gen:Variant.Zusy.324800
BitDefenderTheta	Gen:NN.ZexaF.34236.4E3@aej@BWgH
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	GenericRXBP-XL!A77D81C43041
FireEye	Generic.mg.a77d81c4304162d0
Emsisoft	Gen:Variant.Zusy.324800 (B)
SentinelOne	Static AI – Suspicious PE
Avira	HEUR/AGEN.1118630
eGambit	Unsafe.AI_Score_95%
Antiy-AVL	Trojan/Win32.AGeneric
Microsoft	Trojan:Win32/Occamy.C1A
GData	Gen:Variant.Zusy.324800
McAfee	GenericRXBP-XL!A77D81C43041
MAX	malware (ai score=99)
VBA32	Trojan.Download
Malwarebytes	Malware.Heuristic.1003
Panda	Trj/CI.A
Rising	Win32.Loader.p (CLASSIC)
Yandex	Trojan.Agent!IYymazz6yVs
Ikarus	Worm.QVod
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Strictor.IYPG!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml