Zusy.390653 (B) removal

Zusy.390653 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.390653 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Creates a copy of itself

How to identify Zusy.390653 (B)?

File Info:

name: A560028627BE3681CFBD.mlw
path: /opt/CAPEv2/storage/binaries/2a30aa5857caacd2ed25a8bdc6883b0ba8a4c308487e8eeeae08d58e0275e3e9
crc32: BA65E750
md5: a560028627be3681cfbd8fc43492f1a1
sha1: 1cbbc1886da0548c92c97e31edb1c8c7fe6ac763
sha256: 2a30aa5857caacd2ed25a8bdc6883b0ba8a4c308487e8eeeae08d58e0275e3e9
sha512: add3a878335af41d2903f0b9c10c5b2e14b3ae060f0abe430bf29051a68fcd32a8cfcca5da7a6b4c69fc5f8f2eabcb55046203bbcd95f5401809b55982f5e9cf
ssdeep: 24576:3pZZKwz/EdTuxEuSN2IhuxMQ5ZRTUnzxJwuD+Op3Bt3kmHqhy2F/EesYnvNIvufk:rtz/mumtgDTspDdr/Hq02FMetU84Ua
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E795F141ABF58879E1F62B355CB626804F3A7C617D36C29E6391EA2D1D77E80CC24327
sha3_384: 9926822ec6c6adb6fe239f390656808a7d168d04329f5633a50381630ba00293a55b1e82cd2736ab7227a57741060040
ep_bytes: 558bec6aff68b0675700689a41570064
timestamp: 2021-06-28 20:11:18

Version Info:

FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

Zusy.390653 (B) is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Razy.a!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.30865
MicroWorld-eScan: Gen:Variant.Zusy.390653
FireEye: Generic.mg.a560028627be3681
McAfee: GenericRXAA-AA!A560028627BE
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058214e1 )
Alibaba: TrojanDownloader:Win32/Kryptik.956f1819
K7GW: Trojan ( 0058214e1 )
BitDefenderTheta: Gen:NN.ZexaF.34160.YD0@aWi8u4ai
Cyren: W32/Kryptik.EMY.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HLIQ
TrendMicro-HouseCall: TROJ_GEN.R002C0WAG22
Kaspersky: HEUR:Trojan-Downloader.Win32.Razy.gen
BitDefender: Gen:Variant.Zusy.390653
Avast: Win32:CrypterX-gen [Trj]
Tencent: Win32.Trojan-downloader.Razy.Llqm
Ad-Aware: Gen:Variant.Zusy.390653
Emsisoft: Gen:Variant.Zusy.390653 (B)
TrendMicro: TROJ_GEN.R002C0WAG22
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Avira: HEUR/AGEN.1207515
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.350BADC
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Win32.Trojan.PSE.13M60MZ
Cynet: Malicious (score: 100)
AhnLab-V3: Adware/Win.Generic.R425898
ALYac: Gen:Variant.Zusy.390653
Malwarebytes: Adware.DownloadAssistant
APEX: Malicious
Rising: Trojan.Kryptik!8.8 (TFE:dGZlOgEI88g9DjU5KA)
Yandex: Trojan.Kryptik!YyOjJk9zdPQ
Ikarus: Trojan.Win32.Crypt
eGambit: Unsafe.AI_Score_81%
Fortinet: W32/Kryptik.HLMN!tr
AVG: Win32:CrypterX-gen [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Zusy.390653 (B)?

Zusy.390653 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.