Malware

What is “Zusy.328452”?

Malware Removal

Zusy.328452 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.328452 virus do?

  • Executable code extraction
  • Creates RWX memory
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Created a service that was not started
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Zusy.328452?

File Info:

crc32: B04FA3A9
md5: 8871986fe220b1a554fcba2d0c396d02
name: 8871986FE220B1A554FCBA2D0C396D02.mlw
sha1: c4c64585fa62ec2f6abfb9604a26cd75ea3be2c2
sha256: 1a2f4ccc4ca760686ebe01a50ccff42aba3ab99265ebcd07e3aebbbf831b42e4
sha512: 638ac7a73e2078313782542f63cf86679c2e0331393e44c06a7dc140bf6e9bde3b4aa184e2237b57e24bdd712cfc4ba15fcfbf3a7b08cab4fdb1f771845ea64f
ssdeep: 49152:117Zco/EVCb4oM8WcATyvcO4z1Pq3eAQqt:117Go8VCb4orA+vcOuPq3eAJt
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info (the resource strings imitate the Russian-locale Windows XP Notepad; decoded from escaped Cyrillic):

LegalCopyright: © Корпорация Майкрософт. Все права защищены.
InternalName: Notepad
FileVersion: 5.1.2600.5512 (xpsp.080413-2105)
CompanyName: Корпорация Майкрософт
ProductName: Операционная система Microsoft® Windows®
ProductVersion: 5.1.2600.5512
FileDescription: Блокнот
OriginalFilename: NOTEPAD.EXE
Translation: 0x0419 0x04b0

Zusy.328452 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 00540c121 )
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop8.58198
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Zusy.328452
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.1533592
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_60% (D)
Alibaba: Trojan:Win32/Katusha.43fed899
K7GW: Trojan ( 00540c121 )
Cybereason: malicious.fe220b
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.GMOD
APEX: Malicious
Avast: Win32:BackdoorX-gen [Trj]
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.328452
NANO-Antivirus: Trojan.Win32.Kryptik.fkcawu
MicroWorld-eScan: Gen:Variant.Zusy.328452
Tencent: Win32.Trojan.Generic.Ebgr
Ad-Aware: Gen:Variant.Zusy.328452
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.TrojanSpy.Vigorf.PA@89cbtr
BitDefenderTheta: Gen:NN.ZexaF.34236.sw0@aanqz!gc
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vh
FireEye: Generic.mg.8871986fe220b1a5
Emsisoft: Gen:Variant.Zusy.328452 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1110885
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Generic.ASMalwS.2A57684
Microsoft: Trojan:Win32/Occamy.C
ZoneAlarm: HEUR:Packed.Win32.Katusha.gen
GData: Gen:Variant.Zusy.328452
AhnLab-V3: Malware/Gen.Generic.C2822803
Acronis: suspicious
McAfee: Packed-FOJ!8871986FE220
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Ekstak
Malwarebytes: Trojan.FakeMS.ED
Panda: Trj/Genetic.gen
Rising: Trojan.Generic@ML.95 (RDML:Xbz33xbZB/wZ93qqYM4oSg)
Yandex: Trojan.GenAsa!cXIzvA1Ziwg
Ikarus: PUA.ICLoader
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Kryptik.GLTZ!tr
AVG: Win32:BackdoorX-gen [Trj]
Paloalto: generic.ml

How to remove Zusy.328452?

Zusy.328452 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
