Should I remove “Zusy.389510”?

Zusy.389510 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.389510 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Creates a copy of itself

How to identify Zusy.389510?

File Info:

name: 2758D4A256CB18F44709.mlw
path: /opt/CAPEv2/storage/binaries/cd1eb0a3f71bf385fbfe0920616b9515edf6e5680e06a525e9d3f3752f0b3362
crc32: 134ACDE7
md5: 2758d4a256cb18f44709b75c4645a263
sha1: c416eaf570f3187241f3cbfc26e66fb9953b6b72
sha256: cd1eb0a3f71bf385fbfe0920616b9515edf6e5680e06a525e9d3f3752f0b3362
sha512: 457dd2cf68a8dfe8a79bb2f10b7d8cea572f349966f02a7f91eb61343cad01bdb6f20cc9a4e17a8b02d8240f10ad8bb02c2645b84dddd0165102bed136928bb8
ssdeep: 3072:xmW/JBRR54Oh3wleSzG+LQDaC1BG+UAYGTZMhpW72TwMs9UG+/HrgT8I8sD6:PJTR5xtwlWz1BQqFMmiTwMs9o/HrW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E9749CFCADEC64B1F1AE2233C8A6D974C22BACA71EB0C3BE131598FE59516405D1523D
sha3_384: edb55c6eb5a75459d71c44ddaf9861b50446f6394f5b5c99ea996233c5bfbe84623491ae9066c88130c2cf90518c4ad4
ep_bytes: 558bec6aff6830944100680077410064
timestamp: 2020-02-19 10:18:57

Version Info:

CompanyName:
FileDescription: DynamicTB MFC Application
FileVersion: 1, 0, 0, 1
InternalName: DynamicTB
LegalCopyright: Copyright (C) 2000
LegalTrademarks:
OriginalFilename: DynamicTB.EXE
ProductName: DynamicTB Application
ProductVersion: 1, 0, 0, 1
Translation: 0x0409 0x04b0

Zusy.389510 is also known as (vendor: detection name):

Lionic: Trojan.Win32.Dapato.b!c
MicroWorld-eScan: Gen:Variant.Zusy.389510
McAfee: Artemis!2758D4A256CB
Cylance: Unsafe
Sangfor: Trojan.Win32.Multiverze.mt
K7AntiVirus: Trojan ( 005605291 )
Alibaba: Trojan:Win32/Injuke.07e3a8a2
K7GW: Trojan ( 005605291 )
CrowdStrike: win/malicious_confidence_90% (D)
Cyren: W32/Trojan.AUMH-9077
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HGNX
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Injuke.gen
BitDefender: Gen:Variant.Zusy.389510
NANO-Antivirus: Trojan.Win32.Dapato.hbjmmg
Tencent: Win32.Trojan.Injuke.Hqls
Ad-Aware: Gen:Variant.Zusy.389510
Sophos: Mal/Generic-S
Zillya: Trojan.GenKryptik.Win32.52571
TrendMicro: Trojan.Win32.BAZALOADER.SMYXAK-A.hp
McAfee-GW-Edition: BehavesLike.Win32.Emotet.fc
FireEye: Generic.mg.2758d4a256cb18f4
Emsisoft: Gen:Variant.Zusy.389510 (B)
Ikarus: Trojan.Win32.Crypt
Jiangmin: TrojanDropper.Dapato.abdh
Microsoft: Trojan:Win32/Multiverze
Arcabit: Trojan.Zusy.D5F186
ViRobot: Trojan.Win32.Emotet.339968.D
ZoneAlarm: HEUR:Trojan.Win32.Injuke.gen
GData: Gen:Variant.Zusy.389510
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Emotet.R427039
VBA32: BScope.TrojanDropper.Dapato
ALYac: Gen:Variant.Zusy.389510
MAX: malware (ai score=83)
Malwarebytes: Trojan.TrickBot
Panda: Trj/CI.A
TrendMicro-HouseCall: Trojan.Win32.BAZALOADER.SMYXAK-A.hp
Rising: Dropper.Dapato!8.2A2 (CLOUD)
Yandex: Trojan.Agent!WUwS4pb0FQ4
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.1728101.susgen
Fortinet: W32/Kryptik.HBGW!tr
AVG: Win32:Trojan-gen
Cybereason: malicious.256cb1
Avast: Win32:Trojan-gen

How to remove Zusy.389510?

Zusy.389510 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.