Categories: Malware

Should I remove “Zusy.332746”?

The Zusy.332746 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Zusy.332746 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Anomalous file deletion behavior detected (10+)
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
Drops a binary and executes it
Unconventionial language used in binary resources: Polish
The binary contains an unknown PE section name indicative of packing
Executable file is packed/obfuscated with MPRESS
Looks up the external IP address
Authenticode signature is invalid
Behavior consistent with a dropper attempting to download the next stage.
Attempts to modify proxy settings

Related domains:

wpad.local-net

icanhazip.com

How to determine Zusy.332746?


File Info:
name: 45E4730AB592AA59E40A.mlwpath: /opt/CAPEv2/storage/binaries/e675af29b9b2fbc7cf42b225c9f6fb585b49b069b33a7039a43dce2312d74726crc32: 542E7439md5: 45e4730ab592aa59e40a8d4b67dbf6fdsha1: 143ee0948c4a79fe693009432b4b24392ea4be2asha256: e675af29b9b2fbc7cf42b225c9f6fb585b49b069b33a7039a43dce2312d74726sha512: d7b8279bcff43ad9552213ee1e9f8758dcd11c2f5a9a05c53695cc2fe755764de5c802b07baf2200d3bf276874f5735986d7ae690758c8c2a2a244baa0939235ssdeep: 1536:PewZnxbj25f+rPfK5kL90XhuVshhyXT5YXRtqcspaDwfSsD:GwBxbCB+DR9tV35YXRnspIQS4type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1A1A35D1273D0C873F27386304CF9D5529A27BC16A6B0558F268D662E5E727C28DFA31Bsha3_384: a257c62905eadb59bca776e374a15c9d3b4ff23012536cf398a3dae26cee95e4b96d3b48e40d697f6e5b4fc88c333ea7ep_bytes: e8ba170000e926040000cccccccccccctimestamp: 2013-04-06 14:23:41
Version Info:
0: [No Data]

Zusy.332746 also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader16.681
MicroWorld-eScan	Gen:Variant.Zusy.332746
FireEye	Generic.mg.45e4730ab592aa59
McAfee	Upatre-FAEJ!45E4730AB592
Cylance	Unsafe
K7AntiVirus	Trojan ( 0052964f1 )
K7GW	Trojan ( 0052964f1 )
CrowdStrike	win/malicious_confidence_100% (D)
BitDefenderTheta	Gen:NN.ZexaF.34294.gqX@auZVQ5eG
Cyren	W32/Upatre.KY.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.DPGO
APEX	Malicious
ClamAV	Win.Downloader.Upatre-5744087-0
BitDefender	Gen:Variant.Zusy.332746
NANO-Antivirus	Trojan.Win32.Upatre.dtrrfk
Avast	Win32:Malware-gen
Tencent	Malware.Win32.Gencirc.10b9ca86
Ad-Aware	Gen:Variant.Zusy.332746
Sophos	ML/PE-A + Troj/Dyreza-GR
Comodo	TrojWare.Win32.TrojanDownloader.Upatre.DOM@5st38w
Baidu	Win32.Trojan.Kryptik.jr
VIPRE	Trojan-Downloader.Win32.Upatre.tfl (v)
McAfee-GW-Edition	BehavesLike.Win32.Upatre.ct
Emsisoft	Gen:Variant.Zusy.332746 (B)
SentinelOne	Static AI – Malicious PE
GData	Win32.Trojan-Downloader.Upatre.BK
Jiangmin	TrojanDownloader.Upatre.rwf
Avira	TR/Dldr.Upatre.MU
Antiy-AVL	Trojan/Generic.ASMalwS.144C8DB
Arcabit	Trojan.Zusy.D513CA
Microsoft	PWS:Win32/Zbot.MR!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C4739058
Acronis	suspicious
VBA32	TrojanDownloader.Small
ALYac	Gen:Variant.Zusy.332746
MAX	malware (ai score=80)
Malwarebytes	Trojan.Upatre
TrendMicro-HouseCall	TROJ_UPATRE.SM37
Rising	Downloader.Waski!1.A489 (CLASSIC)
Yandex	Trojan.GenAsa!GJHX0LOPV1Y
Ikarus	Trojan-Spy.Agent
eGambit	Unsafe.AI_Score_93%
Fortinet	W32/Kryptik.DPGO!tr
AVG	Win32:Malware-gen