What is “Zusy.338958”?

Zusy.338958 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.338958 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Norwegian (Nynorsk)
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Zusy.338958?


File Info:

name: 39C8ACE7F72EB19EE33F.mlw
path: /opt/CAPEv2/storage/binaries/d3e5174190f3fcf50970c125778fb1d0ef96ca6b36024471fba9e874f5beded8
crc32: 0CE3C9B5
md5: 39c8ace7f72eb19ee33f3b2663b3b709
sha1: fd45c5cd7fcf468298b1057c33e6a0b5db9112e0
sha256: d3e5174190f3fcf50970c125778fb1d0ef96ca6b36024471fba9e874f5beded8
sha512: a08c75a1a7fd96b0b51ed5d2c185fa8870126dca4f0d8c4e187cbcaeae8a5dac2c21b571b5eb657774b0b4c8c7a4c94b366fb23baf7ff1f1582dea0e3ddf9c51
ssdeep: 6144:IQjUU+FLvjdFxwKz5gNTI/0Rq3iw0QjN:IIUU+FHdchK/0Rq30QR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10064AF1136A0C0F1C09205315474F760A6B9B8A29B6B49D7EB54EB2A5E333D0E7FA34F
sha3_384: 1f856fc4c2175395b87b09209c1da6a7f5c60f49460befd3658cce27832046b811875449dfbb555fbd8bf72728480e99
ep_bytes: e8a75b0000e979feffff8bff558bec51
timestamp: 2020-03-16 19:06:32

Version Info:

FileVers: 15.26.361
InternalName: writeanogys.ets
Copyright: Copyrighz (C) 2020, pupkabop
TranslationUsa: 0x0471 0x085a

Zusy.338958 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.338958
FireEye: Generic.mg.39c8ace7f72eb19e
ALYac: Gen:Variant.Zusy.338958
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005732f51 )
K7GW: Trojan ( 005732f51 )
Cybereason: malicious.7f72eb
Cyren: W32/Kryptik.CKO.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HHKP
APEX: Malicious
ClamAV: Win.Dropper.Glupteba-9791492-0
Kaspersky: HEUR:Exploit.Win32.ShellCode.Agent.pef
BitDefender: Gen:Variant.Zusy.338958
NANO-Antivirus: Exploit.Win32.ShellCode.ifxhdy
Avast: Win32:CoinminerX-gen [Trj]
Rising: Malware.Heuristic!ET#100% (RDMK:cmRtazqTdGEljMwwE9kxPZ+9vugg)
Ad-Aware: Gen:Variant.Zusy.338958
Emsisoft: Gen:Variant.Zusy.338958 (B)
McAfee-GW-Edition: Lockbit-FSWW!39C8ACE7F72E
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Zusy.338958
Jiangmin: Backdoor.Agent.ils
Avira: HEUR/AGEN.1140469
MAX: malware (ai score=87)
Microsoft: Trojan:Win32/Glupteba.VAM!MSR
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Glupteba.R355689
McAfee: Lockbit-FSWW!39C8ACE7F72E
VBA32: BScope.Trojan.Glupteba
Malwarebytes: Trojan.MalPack.GS
Ikarus: Trojan-Spy.MSIL.Agent
eGambit: Unsafe.AI_Score_76%
Fortinet: W32/GenKryptik.EWTP!tr
AVG: Win32:CoinminerX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Zusy.338958?

Zusy.338958 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.