
Zusy.388457 removal tips


Zusy.388457 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.388457 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Likely virus infection of existing system binary
  • Creates a copy of itself

How to identify Zusy.388457?

File Info:

name: B3C5000D1CB4412E7C3E.mlw
path: /opt/CAPEv2/storage/binaries/9a60f83e2341366c64fcf915f146f356942da6d41287410b2fc60e9e9beda8ad
crc32: 7B63C42D
md5: b3c5000d1cb4412e7c3e75c9f6ca4b5a
sha1: 383f8f6a5a34e83be70cbc0c75996104e8ec7311
sha256: 9a60f83e2341366c64fcf915f146f356942da6d41287410b2fc60e9e9beda8ad
sha512: ab7b657ccc73e180d61e3ad221fbcccfd8ebc654a87f4af275acfba7e7b98af414af95b2867412d1d22c4ff4cc2157f865e9a2bd0fdbac373a17f499ba44e86c
ssdeep: 49152:Ve9/nC0jETB32iijAcVEkmJ3mbLsyuG5Lk:4/Cj9miiCkusZn5L
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F3A5AD577982C984D42239FAD8B982B48412BD51EC49E46772BD3D6DFBF12C3CC8268D
sha3_384: 0c6a04562e2782c7e8a1b2db47b587b970288bdda0645976628fa0e34bc639559e46ce192d70f6580fe107feeb1c10eb
ep_bytes: 558bec6aff68b0785800682e53580064
timestamp: 2021-06-14 18:46:15

Version Info:

CompanyName: HiKi-Soft
FileDescription: Duplicate finder and remover HiKi
FileVersion: 1.5.0.0
InternalName: Duplicator
LegalTrademarks: HiKi
OriginalFilename: double.exe
ProductName: Duplicate finder and remover HiKi
ProductVersion: 1.5
Comments: https://hiki-soft.ru
Translation: 0x0409 0x04e4

Zusy.388457 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Bingoml.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.388457
FireEye: Generic.mg.b3c5000d1cb4412e
McAfee: GenericRXOX-XI!B3C5000D1CB4
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.3345963
Sangfor: Trojan.Win32.Bingoml.gen
K7AntiVirus: Trojan ( 0058214e1 )
Alibaba: Trojan:Win32/Bingoml.4dc49ec6
K7GW: Trojan ( 0058214e1 )
Arcabit: Trojan.Zusy.D5ED69
BitDefenderTheta: Gen:NN.ZexaF.34294.jE0@a8EH1HgO
Cyren: W32/Sabsik.F.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HLIQ
Paloalto: generic.ml
ClamAV: Win.Packed.Jaik-9873196-0
Kaspersky: HEUR:Trojan.Win32.Bingoml.gen
BitDefender: Gen:Variant.Zusy.388457
Avast: Win32:CrypterX-gen [Trj]
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Gen:Variant.Zusy.388457
Emsisoft: Gen:Variant.Zusy.388457 (B)
DrWeb: Trojan.Siggen14.6029
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
SentinelOne: Static AI – Malicious PE
Sophos: Mal/Generic-S
APEX: Malicious
Jiangmin: Trojan.Bingoml.acp
Avira: TR/AD.CrthRazy.jccdx
Antiy-AVL: Trojan/Generic.ASMalwS.33A8DFB
Microsoft: Trojan:Win32/Tnega!ml
GData: Win32.Trojan.PSE.1IAKRUN
Cynet: Malicious (score: 100)
AhnLab-V3: Adware/Win.Generic.R425898
VBA32: Trojan.Bingoml
ALYac: Gen:Variant.Zusy.388457
MAX: malware (ai score=84)
Malwarebytes: Adware.RussAd
Rising: Trojan.Kryptik!1.AA55 (CLASSIC)
Yandex: Trojan.Bingoml!oMvE41Bf7nw
Ikarus: Trojan.Win32.Crypt
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Kryptik.HLIQ!tr
AVG: Win32:CrypterX-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Zusy.388457?

Zusy.388457 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
