Zusy.384806 (file analysis)

Zusy.384806 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Zusy.384806 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Detects the presence of Windows Defender AV emulator via files

How to identify Zusy.384806?

File Info:

name: E676C7ECBEB2F704A18E.mlw
path: /opt/CAPEv2/storage/binaries/e7261eba46fdad154e63a78f8e3bcb24bd1bdc98683a31eedb8838ecd57d50cf
crc32: 2C0CEB9B
md5: e676c7ecbeb2f704a18e30c069dc437c
sha1: 67f762cf5ed84142b313c1c0fe9b127b50de95d8
sha256: e7261eba46fdad154e63a78f8e3bcb24bd1bdc98683a31eedb8838ecd57d50cf
sha512: 3a8e3c9ac6943232a8d80599fc8e5f08457e42a6ddd78c5bfe62c733ba6a18eff97218527937c156d695f1e04c28d7b33e599ee6e0255f8542cdb0769e74e4fe
ssdeep: 24576:753uhFrwh/NnLStZkYEgzT8MxEBoqfT+iuMlD7e/ERsXmnmQx17jdboUN:75+hFrwh/NGtfz4Boo//ejXqmkbNN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16755028219E000F6D0561F72213A6E5A147FAF2C2F38A5D74715B62A5FB3FC2933AD85
sha3_384: 5cbcaf638f126dca9d13c7cf9fc26e939f3667dc7b94f74c4228c085aeffc5f46f686f5e97ab1690994d98a4ac8e5679
ep_bytes: 558bec6aff6880fa410068f0c4410064
timestamp: 2016-04-02 22:14:34

Version Info:

CompanyName: Oleg N. Scherbakov
FileDescription: 7z Setup SFX (x86)
FileVersion: 1.7.0.3900
InternalName: 7ZSfxMod
LegalCopyright: Copyright © 2005-2016 Oleg N. Scherbakov
OriginalFilename: 7ZSfxMod_x86.exe
PrivateBuild: April 1, 2016
ProductName: 7-Zip SFX
ProductVersion: 1.7.0.3900
Translation: 0x0000 0x04b0

Zusy.384806 also known as:

  • Bkav: W32.AIDetect.malware2
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Zusy.384806
  • FireEye: Generic.mg.e676c7ecbeb2f704
  • McAfee: Artemis!E676C7ECBEB2
  • Cylance: Unsafe
  • Sangfor: Hacktool.Win32.AutoKMS.ml
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Alibaba: Ransom:Win32/DelFile.88070763
  • K7GW: Trojan ( 0057994c1 )
  • K7AntiVirus: Trojan ( 0057994c1 )
  • BitDefenderTheta: Gen:NN.ZexaF.34084.pr3@aOHXTjc
  • Cyren: W32/Trojan.ASVZ-2895
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Packed.7Zip.S.gen
  • TrendMicro-HouseCall: Ransom.Win32.FAKEGLOBE.JKPR
  • Paloalto: generic.ml
  • ClamAV: Win.Malware.Drivepack-9884589-1
  • Kaspersky: Trojan-Ransom.Win32.Gen.aaqg
  • BitDefender: Gen:Variant.Zusy.384806
  • Avast: Win32:7Drop-D [Trj]
  • Tencent: Win32.Trojan.Gen.Akew
  • Ad-Aware: Gen:Variant.Zusy.384806
  • Emsisoft: Gen:Variant.Zusy.384806 (B)
  • Comodo: fls.noname@0
  • VIPRE: Trojan.Win32.Generic!BT
  • TrendMicro: Ransom.Win32.FAKEGLOBE.JKPR
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
  • Sophos: Troj/Agent-BGQN
  • SentinelOne: Static AI – Malicious PE
  • GData: Gen:Variant.Zusy.384806
  • Jiangmin: Trojan/CoinMiner.ab.a
  • Webroot: Pua.Opencandy
  • Avira: TR/DelFile.sotbj
  • MAX: malware (ai score=86)
  • ViRobot: Trojan.Win32.Z.Zusy.1305819
  • Microsoft: HackTool:Win32/AutoKMS!ml
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Ransomware/Win.Generic.C4385266
  • VBA32: Trojan.Hesv
  • ALYac: Gen:Variant.Zusy.384806
  • Malwarebytes: Trojan.Dropper.Generic
  • APEX: Malicious
  • Rising: Trojan.HiddenRun/SFX!1.D57B (CLASSIC)
  • Yandex: Trojan.Crypzip!jUFIF/ZmrWk
  • Ikarus: Trojan-Spy.RedLineStealer
  • Fortinet: W32/Gen.AAQG!tr.ransom
  • AVG: Win32:7Drop-D [Trj]
  • Cybereason: malicious.cbeb2f
  • Panda: Trj/CI.A
  • MaxSecure: Trojan.Malware.115685787.susgen

How to remove Zusy.384806?

Zusy.384806 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.