Zusy.388488 removal guide

Zusy.388488 is rated as dangerous by many security vendors. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for malware removal. The trial version allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.388488 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Attempts to connect to a dead IP:Port (23 unique times)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Zusy.388488?

File Info:

name: 23013D0F14C4000833DD.mlw
path: /opt/CAPEv2/storage/binaries/2a8b3056995c500af72cba42f9669a9b9182fb875ae7fdf970c2be1a7952bf7c
crc32: 4C95D97E
md5: 23013d0f14c4000833dda025bc50af56
sha1: 5dc266c4d0147765e2d51f0cb967515795296bfe
sha256: 2a8b3056995c500af72cba42f9669a9b9182fb875ae7fdf970c2be1a7952bf7c
sha512: 99edb453802a7c28c442215d249720c07ab862db37534589f7f17cef362f958136d017afbf753ba2cbed5cd3c74fed3292ca87fd7126023cc9aa5ad47a6d7c7f
ssdeep: 24576:vs3rd9LxUwkH8ICW+KpPgYG+3SlTcWme5PvGwyp/8BLOspj:vSrd9VUpHhCiTChcWmMGhp/8Aspj
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T19565AE43FBC185B2D896463951B7237A4E3AE671433BC5C3CBD069658D62AD02B3E3C9
sha3_384: 6a9ffbfe0380b99a938d8be7bdd18b5824e3a39ed52a5c40f9845ebdc55411963a3f928d50efe3769a0b41078281ba17
ep_bytes: e8ad5e0000e995feffff8bff558bec83
timestamp: 2021-05-14 10:19:35

Version Info:

CompanyName: Microsoft Corporation
FileDescription: winaudio.exe
FileVersion: 1.0.0.1
InternalName: winaudio.exe
LegalCopyright: (c) Microsoft Corporation. All rights reserved.
OriginalFilename: winaudio.exe
ProductName: winaudio.exe
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04b0

Zusy.388488 is also detected under the following names (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Mimdau.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.388488
FireEye: Gen:Variant.Zusy.388488
ALYac: Gen:Variant.Zusy.388488
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004662611 )
K7GW: Trojan ( 004662611 )
Cybereason: malicious.f14c40
Cyren: W32/Agent.CHX.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Agent.ULI
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Bulz-9854865-0
Kaspersky: HEUR:Trojan.Win32.Mimdau.gen
BitDefender: Gen:Variant.Zusy.388488
Avast: Win32:TrojanX-gen [Trj]
Tencent: Malware.Win32.Gencirc.10ce536e
Ad-Aware: Gen:Variant.Zusy.388488
Sophos: Troj/Agent-BGQT
Comodo: Packed.Win32.MUPX.Gen@24tbus
DrWeb: Trojan.DownLoader39.20590
Zillya: Trojan.Agent.Win32.2152540
TrendMicro: TROJ_GEN.R002C0PLB21
McAfee-GW-Edition: BehavesLike.Win32.Fake.th
Emsisoft: Gen:Variant.Zusy.388488 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Zusy.388488
Jiangmin: Trojan.Mimdau.bo
Avira: HEUR/AGEN.1142358
Antiy-AVL: Trojan/Generic.ASMalwS.33404FC
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Zusy.D5ED88
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R435759
Acronis: suspicious
McAfee: Generic Malware.al!enc
MAX: malware (ai score=82)
VBA32: BScope.Trojan.Mimdau
Malwarebytes: Trojan.Crypt
Ikarus: Trojan.Win32.Agent
Fortinet: W32/Agent.ULI!tr
BitDefenderTheta: Gen:NN.ZexaF.34084.yv0@amd@cRmj
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Zusy.388488?

Zusy.388488 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment