
About “Zusy.373066” infection


Zusy.373066 is a generic detection name (Gen:Variant.Zusy.373066 in the BitDefender-engine family listed below) for a sample that most antivirus vendors flag as malicious. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version lets you run a complete scan and cure your PC.
A 6-day free trial is available.

What can the Zusy.373066 virus do?

The behaviours below are the signatures raised by the CAPE sandbox run of the sample described in the next section:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Detects the presence of Windows Defender AV emulator via files
  • Anomalous binary characteristics
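Two of the behaviours above are easy to hunt for in process-creation telemetry: a `ping -n <count>` loop to the loopback address used as a sleep, and a process launched from a user-writable staging directory. The script below is an added example written for this page, not GridinSoft's or CAPE's code; the Sysmon-style events it runs over are constructed, the staging-directory name is illustrative, and the directory list and the 3-second threshold are assumptions.

```python
"""Triage rules for two sandbox behaviours: 'ping -n' used as a delay and
process creation from a user-writable directory. Added example; the events
below are constructed Sysmon Event ID 1 style records, not a real capture."""
import re
from typing import Dict, List

# User-writable directories an SFX dropper typically extracts into before
# running its payload (assumption: common candidates, not an exhaustive list).
SUSPICIOUS_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)

# 'ping -n <count> 127.0.0.1' is a common sleep substitute on Windows:
# echo replies after the first arrive roughly one second apart.
PING_DELAY = re.compile(
    r"\bping(?:\.exe)?\b.*?\s-n\s+(\d+)\b.*?\b(?:127\.0\.0\.1|localhost)\b",
    re.IGNORECASE,
)
DELAY_THRESHOLD_SECONDS = 3  # assumption: tune to your environment


def is_suspicious_location(path: str) -> bool:
    """True if the path sits under one of the staging directories above."""
    p = path.lower().replace("/", "\\")
    return any(d in p for d in SUSPICIOUS_DIRS)


def ping_delay_seconds(command_line: str) -> int:
    """Approximate seconds a 'ping -n' loopback loop sleeps for, or 0 if none."""
    m = PING_DELAY.search(command_line)
    return max(int(m.group(1)) - 1, 0) if m else 0


def triage(events: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Return one finding per event that matches at least one rule."""
    findings = []
    for ev in events:
        image = str(ev.get("Image", ""))
        parent = str(ev.get("ParentImage", ""))
        cmd = str(ev.get("CommandLine", ""))
        reasons = []
        delay = ping_delay_seconds(cmd)
        if delay >= DELAY_THRESHOLD_SECONDS:
            reasons.append(f"ping -n delay (~{delay}s)")
        if is_suspicious_location(image):
            reasons.append("image launched from user-writable directory")
        if image.lower().endswith("\\cmd.exe") and is_suspicious_location(parent):
            reasons.append("cmd.exe spawned by a process in a user-writable directory")
        if reasons:
            findings.append({"pid": ev.get("ProcessId"), "image": image, "reasons": reasons})
    return findings


# Constructed events. The '7ZipSfx.000' folder name is illustrative only.
SAMPLE_EVENTS = [
    {"ProcessId": 4120,
     "Image": r"C:\Users\alice\AppData\Local\Temp\7ZipSfx.000\setup.exe",
     "CommandLine": r'"C:\Users\alice\AppData\Local\Temp\7ZipSfx.000\setup.exe"',
     "ParentImage": r"C:\Users\alice\Downloads\invoice.exe"},
    {"ProcessId": 4133,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c ping -n 10 127.0.0.1 > nul & del "C:\Users\alice\Downloads\invoice.exe"',
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\7ZipSfx.000\setup.exe"},
    {"ProcessId": 4140,
     "Image": r"C:\Windows\System32\PING.EXE",
     "CommandLine": "ping -n 10 127.0.0.1",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"ProcessId": 5001,   # benign: a real host, not a loopback sleep
     "Image": r"C:\Windows\System32\PING.EXE",
     "CommandLine": "ping -n 2 fileserver.corp.local",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"ProcessId": 5100,   # benign: installed 7-Zip GUI from Program Files
     "Image": r"C:\Program Files\7-Zip\7zFM.exe",
     "CommandLine": r'"C:\Program Files\7-Zip\7zFM.exe"',
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["pid"], f["image"], "; ".join(f["reasons"]))
```

On the constructed events the first three records are flagged (the extracted setup.exe, the cmd.exe it spawns with a 9-second ping sleep followed by self-deletion, and the ping itself), while the ping to a real host and the installed 7-Zip file manager are not. The loopback requirement is what keeps ordinary connectivity checks out of the results.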

How to identify Zusy.373066?

Use the file hashes and version information below to confirm whether a file on disk is this sample.
File Info:

name: 6A16E2576B98DF9F5F53.mlw
path: /opt/CAPEv2/storage/binaries/186f16553a6309ae7e76a4eb12e15142f493ea6f4cb79357219ae9df6368016a
crc32: F6A6C40C
md5: 6a16e2576b98df9f5f53c399054b6d52
sha1: 00803be8e4f35f4f4a3e3ff44470d523094125f7
sha256: 186f16553a6309ae7e76a4eb12e15142f493ea6f4cb79357219ae9df6368016a
sha512: f8a1fbae069f04a47c4aa3f3e0a7ca0fa196ad21587244c51a3de2601d0141d4f781c314beedd72caa60af2c1c9220cbfbbbca64b4a515da0782312f14d22980
ssdeep: 24576:L53uhF890BmJOPAmYfeE11OFfMhRzU4gemCDphtWUsjpPHJEkYEYN/pO/lKr/j7:L5+hF6mYfAkRgdemUntWFPHJEkIpONC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B49523232B9E30F1CAD326B13859371721B5A2738F71C4C75BF123AEA9648C6D578279
sha3_384: 437420850377eb1eee87c55202d589b44e9f12d842d594e73e1a1a6fc07ad49336a9523280b972a8c8de6ac88505bfe5
ep_bytes: 558bec6aff6880fa410068f0c4410064
timestamp: 2016-04-02 22:14:34

Version Info:

CompanyName: Oleg N. Scherbakov
FileDescription: 7z Setup SFX (x86)
FileVersion: 1.7.0.3900
InternalName: 7ZSfxMod
LegalCopyright: Copyright © 2005-2016 Oleg N. Scherbakov
OriginalFilename: 7ZSfxMod_x86.exe
PrivateBuild: April 1, 2016
ProductName: 7-Zip SFX
ProductVersion: 1.7.0.3900
Translation: 0x0000 0x04b0

Zusy.373066 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.373066
FireEye: Generic.mg.6a16e2576b98df9f
ALYac: Gen:Variant.Zusy.373066
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005798ba1 )
Alibaba: Trojan:Win32/Crypzip.7a480b51
K7GW: Trojan ( 005798ba1 )
Cybereason: malicious.76b98d
Cyren: W32/Trojan.CDLU-7259
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.7Zip.S.gen
TrendMicro-HouseCall: Trojan.Win32.CRYPZIP.SMRAH
Paloalto: generic.ml
ClamAV: Win.Malware.Zusy-9847818-0
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Zusy.373066
Avast: Win32:7Drop-D [Trj]
Ad-Aware: Gen:Variant.Zusy.373066
Sophos: Mal/Generic-R + Troj/Agent-BGQN
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Trojan.Win32.CRYPZIP.SMRAH
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Gen:Variant.Zusy.373066 (B)
GData: Gen:Variant.Zusy.373066
Jiangmin: Trojan/CoinMiner.ab.a
Webroot: Pua.Opencandy
Avira: TR/Patched.Gen
Arcabit: Trojan.Zusy.D5B14A
Microsoft: VirTool:Win32/AutInject.CP
Cynet: Malicious (score: 100)
McAfee: Artemis!6A16E2576B98
MAX: malware (ai score=85)
VBA32: Trojan.Hesv
Malwarebytes: Trojan.Dropper.Generic
Rising: Trojan.HiddenRun/SFX!1.D57B (CLASSIC)
Yandex: Trojan.Crypzip!0G6sd/U0w0Q
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.115685787.susgen
Fortinet: PossibleThreat.PALLAS.H
AVG: Win32:7Drop-D [Trj]
Panda: Trj/CI.A

How to remove Zusy.373066?

Zusy.373066 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Press “Move to quarantine” for all detected items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
