Zusy.388999 (file analysis)

Malware Removal

Zusy.388999 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a full scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.388999 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Created a service that was not started

How to identify Zusy.388999?

File Info:

name: B03E1875AAF737DE9145.mlw
path: /opt/CAPEv2/storage/binaries/f20fe276b88a60ecbdd437adcab4d2389ca8ad10532ba15012e5b3fe7b4052a4
crc32: C43DF446
md5: b03e1875aaf737de9145e2a9f5042841
sha1: 7b89a0d4cbdb0e9e6557255ebeb855d4b156ec91
sha256: f20fe276b88a60ecbdd437adcab4d2389ca8ad10532ba15012e5b3fe7b4052a4
sha512: 829bb84319307a7b38ba40ad0946133b858f11743c82a8ec2d2e3569b814caa87082faa4e3b49e0b274eabe920bed2ba0c4fe24dd08ad5fc202366960f75d020
ssdeep: 49152:eT9iUyP18KPwUNEbISHM2hkSGHloLicWKyqMTrt:89iR1noUqIcLkSGHCbWl5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E175CE073DC38995C8493D7EE4F143A48052FEA4ED8EF9B33A857A7AD8E52E508439C5
sha3_384: a438cc10768c5167bfcfa9d5454cad1d87517883e876a7fac36aa65ef4113f14d62d9e218169c31fdf35bdae39ee0197
ep_bytes: 558bec6aff68b877580068c251580064
timestamp: 2021-06-19 05:10:38

Version Info:

CompanyName: HiKi-Soft
FileDescription: Duplicate finder and remover HiKi
FileVersion: 1.5.0.0
InternalName: Duplicator
LegalTrademarks: HiKi
OriginalFilename: double.exe
ProductName: Duplicate finder and remover HiKi
ProductVersion: 1.5
Comments: https://hiki-soft.ru
Translation: 0x0409 0x04e4

Zusy.388999 also known as:

Lionic: Trojan.Win32.Razy.a!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.388999
FireEye: Generic.mg.b03e1875aaf737de
CAT-QuickHeal: PUA.BingomlIH.S21215001
ALYac: Gen:Variant.Zusy.388999
Malwarebytes: Adware.RussAd
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058214e1 )
Alibaba: TrojanDownloader:Win32/Kryptik.1e65032f
K7GW: Trojan ( 0058214e1 )
CrowdStrike: win/malicious_confidence_60% (W)
BitDefenderTheta: Gen:NN.ZexaF.34084.ND0@auNMAYei
Cyren: W32/Sabsik.F.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HLIQ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Downloader.Win32.Razy.gen
BitDefender: Gen:Variant.Zusy.388999
SUPERAntiSpyware: Trojan.Agent/Gen-Bingoml
Tencent: Win32.Trojan-downloader.Razy.Pbow
Ad-Aware: Gen:Variant.Zusy.388999
Sophos: Mal/Generic-S
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0WGM21
McAfee-GW-Edition: BehavesLike.Win32.Pate.tc
Emsisoft: Gen:Variant.Zusy.388999 (B)
Ikarus: Trojan.Win32.Crypt
GData: Win32.Trojan.PSE.1EXC8XJ
Jiangmin: TrojanDownloader.Razy.knh
Avira: HEUR/AGEN.1143574
Microsoft: Trojan:Win32/Tnega!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Adware/Win.Generic.R425898
VBA32: TrojanDownloader.Razy
MAX: malware (ai score=83)
TrendMicro-HouseCall: TROJ_GEN.R002C0WGM21
Rising: Trojan.Kryptik!1.AA55 (CLASSIC)
Yandex: Trojan.Kryptik!CJQoNoahC6k
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.HLMN!tr
Cybereason: malicious.4cbdb0
Panda: Trj/GdSda.A

How to remove Zusy.388999?

Zusy.388999 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
