Malware

Zusy.365242 removal guide

Malware Removal

The Zusy.365242 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Zusy.365242 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A process attempted to delay the analysis task by a long amount of time.
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Attempts to modify proxy settings

How to determine Zusy.365242?



File Info:

name: FD58C73515B1AFE68847.mlw
path: /opt/CAPEv2/storage/binaries/aad58eaadeb6ae4ab9777d419415501f319cb6aaf35aadaa2b1aabb1644896ed
crc32: 6FA19AF9
md5: fd58c73515b1afe6884713aac95255c1
sha1: d99b6dfe83bd203f39436ff4eebd4f702b37a9e3
sha256: aad58eaadeb6ae4ab9777d419415501f319cb6aaf35aadaa2b1aabb1644896ed
sha512: 61699ca5275ddf2e26c0a57c807fee13bc9c9371de108546eacc77049374f330a301433a492b79aeb4e4f21a4669ce39851874e4565ddbdac856dd97847afab8
ssdeep: 98304:+ay/ptk8g9uthc+Wk6B5jFzAzQwKliam8Q7zXC5Tk9P/P/g+LxRDUpvQkmmMgloK:m+8g9HBdFkBTJfg+Lx4QtO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12E560113F741C0F1C22826B021BA23366AB5EE515D35CB83E7A4FE797C72291AB6315D
sha3_384: ec9f7a3e22cf65e0aa07bbfb957fd6f27bf59c44442d7246d088fe191710ac0cf24d8b08dad8486943640d4ab921e06c
ep_bytes: 558bec6aff68a8649b0068e069520064
timestamp: 2015-05-02 06:15:39


Version Info:

FileVersion: 1.0.0.0
FileDescription: 易语言程序
ProductName: 易语言程序
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Zusy.365242 also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Generic.lqH9
tehtrisGeneric.Malware
MicroWorld-eScanGen:Variant.Zusy.365242
FireEyeGeneric.mg.fd58c73515b1afe6
ALYacGen:Variant.Zusy.365242
CylanceUnsafe
VIPREGen:Variant.Zusy.365242
SangforTrojan.Win32.Agent.Vznp
K7AntiVirusTrojan ( 005246d51 )
AlibabaTrojanDropper:Win32/Generic.d518757e
K7GWTrojan ( 005246d51 )
Cybereasonmalicious.515b1a
CyrenW32/Trojan.GRW.gen!Eldorado
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEXMalicious
Paloaltogeneric.ml
ClamAVWin.Malware.Generic-9820446-0
BitDefenderGen:Variant.Zusy.365242
NANO-AntivirusTrojan.Win32.Adw.drnxjq
AvastWin32:Adware-gen [Adw]
Ad-AwareGen:Variant.Zusy.365242
EmsisoftGen:Variant.Zusy.365242 (B)
ComodoTrojWare.Win32.Agent.OSCF@5rs7jr
DrWebTrojan.DownLoader9.42839
McAfee-GW-EditionBehavesLike.Win32.Generic.tc
Trapminesuspicious.low.ml.score
SophosGeneric PUA NJ (PUA)
SentinelOneStatic AI – Malicious PE
GDataWin32.Trojan.PSE.1DNV50E
JiangminRootkit.Agent.qfm
Antiy-AVLTrojan/Generic.ASCommon.FA
KingsoftWin32.Troj.Generic.v.(kcloud)
ViRobotTrojan.Win32.Z.Zusy.6254592
MicrosoftTrojan:Win32/Wacatac.A!ml
CynetMalicious (score: 100)
McAfeeArtemis!FD58C73515B1
MAXmalware (ai score=89)
VBA32Trojan.Downloader
MalwarebytesPUP.Optional.ChinAd
TrendMicro-HouseCallTROJ_GEN.R002H0CGR22
RisingHackTool.Agent!1.B2A6 (CLASSIC)
IkarusTrojan-Dropper.Delf
MaxSecureDropper.Dinwod.frindll
FortinetW32/CoinMiner.65CA!tr
BitDefenderThetaGen:NN.ZexaF.34582.@t0@aS0AsMaH
AVGWin32:Adware-gen [Adw]
CrowdStrikewin/malicious_confidence_60% (D)

How to remove Zusy.365242?

Zusy.365242 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment