Malware

Zusy.339143 (B) removal guide

Malware Removal

The Zusy.339143 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Zusy.339143 (B) virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • A potential decoy document was displayed to the user
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

wpad.local-net

How to determine Zusy.339143 (B)?



File Info:

name: 03B0BDDA3DD5E5850A28.mlw
path: /opt/CAPEv2/storage/binaries/50d903a960dfd6cb4c94efbb065e3adedde153e2e07d304c057fa6844a61cd28
crc32: D78DAC8A
md5: 03b0bdda3dd5e5850a282e515cd417fb
sha1: 8e52f65cbbc891fcea8a08b502ae9674dfbb5e9c
sha256: 50d903a960dfd6cb4c94efbb065e3adedde153e2e07d304c057fa6844a61cd28
sha512: 65a024ce5a3cd92f94be828e80b0ba46cd6b8b4a990b10e5e7e96f629f9f99ff429d5fbbf534093562bbe3cd1b4fcb71660d54b38e6da877f343b30a83f52f0f
ssdeep: 98304:0ylYnNylYnNylYnNylYnNylYnNylYnNylYnNylYn:zHHHHHHH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17AB6F116F6F14437D1236EB8DC1F536CA8267E502D34648A3BE82D48AF39781753B29B
sha3_384: f5c7e040a85537d08a03807b70f6d78d58d168c6574067460dce39130270f2fc12389d39ab72b6f1dbf899e8e36c1407
ep_bytes: 558becb9280000006a006a004975f953
timestamp: 1992-06-19 22:22:17


Version Info:

CompanyName: Adobe Systems Incorporated
FileDescription: Adobe Reader 
FileVersion: 11.0.02.0
LegalCopyright: Copyright 1984-2012 Adobe Systems Incorporated and its licensors. All rights reserved.
ProductName: Adobe Reader
ProductVersion: 11.0.02.0
OriginalFilename: AcroRd32.exe
Translation: 0x0409 0x04e4

Zusy.339143 (B) also known as:

Elasticmalicious (high confidence)
DrWebTrojan.Inject1.20583
MicroWorld-eScanGen:Variant.Zusy.339143
FireEyeGeneric.mg.03b0bdda3dd5e585
ALYacGen:Variant.Zusy.339143
CylanceUnsafe
K7AntiVirusTrojan ( 0056fa991 )
BitDefenderGen:Variant.Zusy.339143
K7GWTrojan ( 0056fa991 )
CrowdStrikewin/malicious_confidence_60% (D)
BitDefenderThetaAI:Packer.D0ED8D2015
ESET-NOD32a variant of Win32/Injector.AGIP
TrendMicro-HouseCallTROJ_INJECTOR_GG310387.UVPM
KasperskyTrojan.Win32.Agent.xosy
NANO-AntivirusTrojan.Win32.Agent.bxpihj
AvastWin32:Malware-gen
TencentMalware.Win32.Gencirc.11bc1b74
Ad-AwareGen:Variant.Zusy.339143
SophosGeneric ML PUA (PUA)
VIPRETrojan.Win32.Injector.ag (v)
TrendMicroTROJ_INJECTOR_GG310387.UVPM
McAfee-GW-EditionBehavesLike.Win32.Generic.vc
EmsisoftGen:Variant.Zusy.339143 (B)
IkarusTrojan.Win32.Agent
GDataGen:Variant.Zusy.339143
AviraHEUR/AGEN.1126519
MAXmalware (ai score=84)
Antiy-AVLTrojan/Generic.ASBOL.2E1B
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.Agent.R452130
McAfeeGenericR-JZR!03B0BDDA3DD5
VBA32BScope.Malware-Cryptor.073
MalwarebytesMalware.AI.4143657371
APEXMalicious
RisingTrojan.Generic@ML.94 (RDML:lKw8Z1LsWFhxLpLh2haVxQ)
YandexTrojan.GenAsa!rEgeUpWGMN0
SentinelOneStatic AI – Malicious PE
FortinetW32/Injector.REEL!tr
AVGWin32:Malware-gen
Cybereasonmalicious.a3dd5e

How to remove Zusy.339143 (B)?

Zusy.339143 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment