How to remove “Zusy.368751 (B)”?

Malware Removal

Zusy.368751 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.368751 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Network activity detected but not expressed in API logs

Related domains:

wpad.local-net

How to identify Zusy.368751 (B)?

File Info:

name: FF5D72F2AB80DB601B4D.mlw
path: /opt/CAPEv2/storage/binaries/7c160aab08e4c8f53b13b231deeea8ad671df2e2c207929f37c05d83273e91e9
crc32: B9E12E27
md5: ff5d72f2ab80db601b4d6a402a2f8552
sha1: bdc513ce1ffd47252c1b3539965c6f734dfe07f4
sha256: 7c160aab08e4c8f53b13b231deeea8ad671df2e2c207929f37c05d83273e91e9
sha512: e274a55ed1f3f82dbdf286f95417bcd92f83fc12b8f63011a1f3fa4bd4f070f2b884c4c21e01ecea9334827911ef03079b6821ebc12f56f9d8f2aa0012df401b
ssdeep: 24576:BvhbCZ+Z/BZAr2ppbRoZ0rgsp9r/n0W+e0pdRzcgzxJUEMnsMmFB:BxX/TppltgEF0k0p3Igzx0sMCB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13D45D002F58280F1C66D2931556A2B3EEE758E460B14CED3E3A5DE6E9C33291B53712F
sha3_384: d84c8b0f9deeb00c5913903034c95bca861f68bbbb1157d7d42e2321d81cb19ece529dec20d0346baad8b364d393b802
ep_bytes: 558bec6aff6818185100687cce460064
timestamp: 2021-11-23 03:49:44

Version Info:

FileVersion: 1.0.0.0
FileDescription: nyssae
ProductName: nyssae
ProductVersion: 1.0.0.0
CompanyName: Huan-庨釬
LegalCopyright: Huan-庨釬
Comments: nyssae
Translation: 0x0804 0x04b0

Zusy.368751 (B) also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.368751
FireEye: Generic.mg.ff5d72f2ab80db60
CAT-QuickHeal: Trojan.Generic.2919
McAfee: GenericRXAA-AA!FF5D72F2AB80
Cylance: Unsafe
K7AntiVirus: Trojan ( 005246d51 )
K7GW: Trojan ( 005886601 )
Cybereason: malicious.2ab80d
Cyren: W32/Agent.EW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/FlyStudio.Injector.D potentially unwanted
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Tiggre-9845940-0
Kaspersky: UDS:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.368751
Avast: Win32:TrojanX-gen [Trj]
Ad-Aware: Gen:Variant.Zusy.368751
Sophos: Generic ML PUA (PUA)
Comodo: Worm.Win32.Dropper.RA@1qraug
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Emsisoft: Gen:Variant.Zusy.368751 (B)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.11B5R9D
Jiangmin: Packed.Vemply.hv
Avira: HEUR/AGEN.1135007
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C3277483
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34294.mr0@ausUBcib
ALYac: Gen:Variant.Zusy.368751
MAX: malware (ai score=88)
VBA32: BScope.Downloader.Snojan
Malwarebytes: Trojan.MalPack.FlyStudio
Yandex: Trojan.GenAsa!BVzegtCzo08
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.65CA!tr
AVG: Win32:TrojanX-gen [Trj]
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Zusy.368751 (B)?

Zusy.368751 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.