Should I remove “Zusy.367607”?

Zusy.367607 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.367607 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • A named pipe was used for inter-process communication
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Zusy.367607?

File Info:

name: B48178539CA814427B7C.mlw
path: /opt/CAPEv2/storage/binaries/d488cf07ce14471f3dcf8093e04aeae2fe1f8820f3e2bdab12d7ffa30d63c849
crc32: C0786903
md5: b48178539ca814427b7cf1acd085519a
sha1: b5825d013012973a7c6be94565e6c3a2033134dd
sha256: d488cf07ce14471f3dcf8093e04aeae2fe1f8820f3e2bdab12d7ffa30d63c849
sha512: a0d3fa07dd3271bfc64abbfad9c5c36f1f6ccfd2c11a30372c7cacc20d9b124019c024c2ada275b3d3a838ceaedd759346007376bd5267d1413353fe6753a481
ssdeep: 6144:5NgF4DxNuJc06j4YBa77xMQxA5i5knmv1SL/mQXPmFDW:5u4lNAtYytvS5Aku1YLuF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F6845CB2CE81803ED47614FD055AA7AD91BECEA0DB7654D3C6DA363987376C36272203
sha3_384: bd8158fad17ab861f023cb9e102f289948bab82a896d6c390c83e383917a1a109761f437a53d6283acd4779f4cd71114
ep_bytes: e8a8620000e995feffff3b0d60a64300
timestamp: 2021-02-08 15:36:51

Version Info:

CompanyName: bang5tao
FileDescription: bang5tao
FileVersion: 1.0.0.1
InternalName: AICONExe.exe
LegalCopyright: Copyright (C) 2020
OriginalFilename: bang5tao.exe
ProductName: bang5tao9
ProductVersion: 1.0.0.1
Translation: 0x0804 0x04b0

Zusy.367607 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: BackDoor.Donbot.49
MicroWorld-eScan: Gen:Variant.Zusy.367607
FireEye: Gen:Variant.Zusy.367607
CAT-QuickHeal: PUA.AgentPMF.S19195140
McAfee: GenericRXNT-FQ!B48178539CA8
Cylance: Unsafe
Zillya: Trojan.Sdum.Win32.3130
Sangfor: Virus.Win32.Save.a
Alibaba: Malware:Win32/km_2c51c86.None
K7GW: Adware ( 00577ae01 )
K7AntiVirus: Adware ( 00577ae01 )
BitDefenderTheta: Gen:NN.ZexaF.34062.wu0@aOZ!2lnj
Cyren: W32/S-acd89e8f!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Softcnapp.BK potentially unwanted
TrendMicro-HouseCall: TROJ_GEN.R002C0DKS21
Paloalto: generic.ml
ClamAV: Win.Malware.Zusy-9833054-0
Kaspersky: HEUR:Trojan.Win32.Sdum.gen
BitDefender: Gen:Variant.Zusy.367607
NANO-Antivirus: Trojan.Win32.Sdum.ilzhqt
SUPERAntiSpyware: PUP.ChinAd/Variant
Avast: Win32:TrojanX-gen [Trj]
Rising: Adware.Agent!1.CE32 (CLASSIC)
Ad-Aware: Gen:Variant.Zusy.367607
TrendMicro: TROJ_GEN.R002C0DKS21
McAfee-GW-Edition: GenericRXNT-FQ!B48178539CA8
Emsisoft: Gen:Variant.Zusy.367607 (B)
Ikarus: PUA.Softcnapp
GData: Win32.Trojan.PSE.1BG3RAH
Jiangmin: Trojan.Sdum.lf
Antiy-AVL: Trojan/Generic.ASMalwS.3155D2D
Gridinsoft: Ransom.Win32.Gen.sa
Microsoft: Trojan:Win32/Glupteba.OE!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C4292178
VBA32: Trojan.Sdum
MAX: malware (ai score=89)
Malwarebytes: PUP.Optional.Softcnapp
APEX: Malicious
Tencent: Trojan.Win32.Sdum.za
Yandex: Trojan.Sdum!Po6C0NaBU1Y
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.114274265.susgen
Fortinet: W32/Zusy.367607!tr
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.39ca81
Panda: Trj/Genetic.gen

How to remove Zusy.367607?

Zusy.367607 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.