How to remove “Zusy.367607 (B)”?

Zusy.367607 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.367607 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • A named pipe was used for inter-process communication
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Zusy.367607 (B)?

File Info:

name: B79D892EC7C6E5659295.mlw
path: /opt/CAPEv2/storage/binaries/75170e50dff2f2e1e34436f71e9127a1d9efe6362d17c174c9bfeee444c92cb0
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-02-08 15:36:51

Version Info:

CompanyName: bang5tao
FileDescription: bang5tao
FileVersion: 1.0.0.1
InternalName: AICONExe.exe
LegalCopyright: Copyright (C) 2020
OriginalFilename: bang5tao.exe
ProductName: bang5tao9
ProductVersion: 1.0.0.1
Translation: 0x0804 0x04b0

Zusy.367607 (B) is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Sdum.4!c
Elastic: malicious (high confidence)
DrWeb: BackDoor.Donbot.49
MicroWorld-eScan: Gen:Variant.Zusy.367607
FireEye: Gen:Variant.Zusy.367607
CAT-QuickHeal: PUA.AgentPMF.S19195140
McAfee: GenericRXNT-FQ!B79D892EC7C6
Cylance: Unsafe
Zillya: Trojan.Sdum.Win32.3130
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Adware ( 00577ae01 )
K7GW: Adware ( 00577ae01 )
Cybereason: malicious.ec7c6e
BitDefenderTheta: Gen:NN.ZexaF.34294.wu0@aOZ!2lnj
Cyren: W32/S-acd89e8f!Eldorado
ESET-NOD32: a variant of Win32/Softcnapp.BK potentially unwanted
TrendMicro-HouseCall: TROJ_GEN.R002C0DKS21
Paloalto: generic.ml
ClamAV: Win.Malware.Zusy-9833054-0
Kaspersky: HEUR:Trojan.Win32.Sdum.gen
BitDefender: Gen:Variant.Zusy.367607
NANO-Antivirus: Trojan.Win32.Sdum.ilzhqt
SUPERAntiSpyware: PUP.ChinAd/Variant
Avast: Win32:TrojanX-gen [Trj]
Tencent: Trojan.Win32.Sdum.za
Ad-Aware: Gen:Variant.Zusy.367607
Sophos: Softcnapp (PUA)
TrendMicro: TROJ_GEN.R002C0DKS21
McAfee-GW-Edition: BehavesLike.Win32.Dropper.fh
Emsisoft: Gen:Variant.Zusy.367607 (B)
Ikarus: PUA.Softcnapp
GData: Win32.Trojan.PSE.1BG3RAH
Jiangmin: Trojan.Sdum.lf
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASMalwS.3155D2D
Gridinsoft: Ransom.Win32.Gen.sa
ViRobot: Trojan.Win32.Z.Zusy.372224.FIG
Microsoft: Trojan:Win32/Glupteba.OE!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C4292178
VBA32: Trojan.Sdum
ALYac: Gen:Variant.Zusy.367607
Malwarebytes: PUP.Optional.Softcnapp
APEX: Malicious
Rising: Adware.Agent!1.CE32 (CLASSIC)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Zusy.367607!tr
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/Genetic.gen
MaxSecure: Trojan.Malware.114274265.susgen

How to remove Zusy.367607 (B)?

Zusy.367607 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
