Categories: Malware

Should I remove “Zusy.389510”?

The Zusy.389510 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Zusy.389510 virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
A process created a hidden window
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Attempts to repeatedly call a single API many times in order to delay analysis time
Creates a copy of itself

How to determine Zusy.389510?


File Info:
name: 2758D4A256CB18F44709.mlwpath: /opt/CAPEv2/storage/binaries/cd1eb0a3f71bf385fbfe0920616b9515edf6e5680e06a525e9d3f3752f0b3362crc32: 134ACDE7md5: 2758d4a256cb18f44709b75c4645a263sha1: c416eaf570f3187241f3cbfc26e66fb9953b6b72sha256: cd1eb0a3f71bf385fbfe0920616b9515edf6e5680e06a525e9d3f3752f0b3362sha512: 457dd2cf68a8dfe8a79bb2f10b7d8cea572f349966f02a7f91eb61343cad01bdb6f20cc9a4e17a8b02d8240f10ad8bb02c2645b84dddd0165102bed136928bb8ssdeep: 3072:xmW/JBRR54Oh3wleSzG+LQDaC1BG+UAYGTZMhpW72TwMs9UG+/HrgT8I8sD6:PJTR5xtwlWz1BQqFMmiTwMs9o/HrWtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1E9749CFCADEC64B1F1AE2233C8A6D974C22BACA71EB0C3BE131598FE59516405D1523Dsha3_384: edb55c6eb5a75459d71c44ddaf9861b50446f6394f5b5c99ea996233c5bfbe84623491ae9066c88130c2cf90518c4ad4ep_bytes: 558bec6aff6830944100680077410064timestamp: 2020-02-19 10:18:57
Version Info:
CompanyName: FileDescription: DynamicTB MFC ApplicationFileVersion: 1, 0, 0, 1InternalName: DynamicTBLegalCopyright: Copyright (C) 2000LegalTrademarks: OriginalFilename: DynamicTB.EXEProductName: DynamicTB ApplicationProductVersion: 1, 0, 0, 1Translation: 0x0409 0x04b0

Zusy.389510 also known as:

Lionic	Trojan.Win32.Dapato.b!c
MicroWorld-eScan	Gen:Variant.Zusy.389510
McAfee	Artemis!2758D4A256CB
Cylance	Unsafe
Sangfor	Trojan.Win32.Multiverze.mt
K7AntiVirus	Trojan ( 005605291 )
Alibaba	Trojan:Win32/Injuke.07e3a8a2
K7GW	Trojan ( 005605291 )
CrowdStrike	win/malicious_confidence_90% (D)
Cyren	W32/Trojan.AUMH-9077
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HGNX
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.Win32.Injuke.gen
BitDefender	Gen:Variant.Zusy.389510
NANO-Antivirus	Trojan.Win32.Dapato.hbjmmg
Tencent	Win32.Trojan.Injuke.Hqls
Ad-Aware	Gen:Variant.Zusy.389510
Sophos	Mal/Generic-S
Zillya	Trojan.GenKryptik.Win32.52571
TrendMicro	Trojan.Win32.BAZALOADER.SMYXAK-A.hp
McAfee-GW-Edition	BehavesLike.Win32.Emotet.fc
FireEye	Generic.mg.2758d4a256cb18f4
Emsisoft	Gen:Variant.Zusy.389510 (B)
Ikarus	Trojan.Win32.Crypt
Jiangmin	TrojanDropper.Dapato.abdh
Microsoft	Trojan:Win32/Multiverze
Arcabit	Trojan.Zusy.D5F186
ViRobot	Trojan.Win32.Emotet.339968.D
ZoneAlarm	HEUR:Trojan.Win32.Injuke.gen
GData	Gen:Variant.Zusy.389510
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Emotet.R427039
VBA32	BScope.TrojanDropper.Dapato
ALYac	Gen:Variant.Zusy.389510
MAX	malware (ai score=83)
Malwarebytes	Trojan.TrickBot
Panda	Trj/CI.A
TrendMicro-HouseCall	Trojan.Win32.BAZALOADER.SMYXAK-A.hp
Rising	Dropper.Dapato!8.2A2 (CLOUD)
Yandex	Trojan.Agent!WUwS4pb0FQ4
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.1728101.susgen
Fortinet	W32/Kryptik.HBGW!tr
AVG	Win32:Trojan-gen
Cybereason	malicious.256cb1
Avast	Win32:Trojan-gen