Malware

Zusy.397209 malicious file

Malware Removal

The Zusy.397209 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Zusy.397209 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Created a service that was not started

How to determine Zusy.397209?



File Info:

name: AA7862413E3AEEAEDCE1.mlw
path: /opt/CAPEv2/storage/binaries/150db9d5fd43df36ca8403a7766792d1069f71e81b32d95076c38e6007b82821
crc32: DB964ECE
md5: aa7862413e3aeeaedce1750b8735219d
sha1: 58fd7d2e1530de2e6c8f01081b2d711bd4a9cefb
sha256: 150db9d5fd43df36ca8403a7766792d1069f71e81b32d95076c38e6007b82821
sha512: 2a8cea4733ef6ebdbd82a13ba515f3e3cdfe10e493551b09e898444bccab5e9f29e69bfa773d68e3298e58dac73a389295c4b18c9a25cd9d8b7cfd2a5147ae7a
ssdeep: 49152:4uYIcCDR1BOrXBlHi6/9alhX/TPKPamrt3sYV6V:4VC6XvC6/9EPKP3t3sYEV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EC752301E7E1C07EE27257724D32166A6A3FBF11293A65ED67EDBD0D0CB4B52208C366
sha3_384: 86d1a43bd8779aa1a6736b2b5075bf58a2047dd50c73700a08b8c3a1ac10a0f76aee2b57e44d99b9a3ed80e3fce0b0cd
ep_bytes: 558bec6aff68b8685700684443570064
timestamp: 2021-08-07 17:21:33


Version Info:

FileDescription: XCrashReport.exe
FileVersion: 1, 4, 0, 1
LegalCopyright: Copyright © 2004-2010 Hans Dietrich
OriginalFilename: XCrashReport.exe
ProductName: XCrashReport
ProductVersion: 1, 4, 0, 1
Translation: 0x0409 0x04e4

Zusy.397209 also known as:

LionicTrojan.Win32.Bingoml.4!c
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Zusy.397209
FireEyeGeneric.mg.aa7862413e3aeeae
McAfeeGenericRXAA-AA!AA7862413E3A
ZillyaTrojan.Bingoml.Win32.5756
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 0058214e1 )
AlibabaTrojan:Win32/Bingoml.f4506313
K7GWTrojan ( 0058214e1 )
Cybereasonmalicious.e1530d
BitDefenderThetaGen:NN.ZexaF.34114.LD0@aiAQz3ni
CyrenW32/Sabsik.F.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.HLIQ
TrendMicro-HouseCallTROJ_GEN.R002C0WHA21
AvastWin32:CrypterX-gen [Trj]
ClamAVWin.Packed.Zusy-9886181-0
KasperskyTrojan.Win32.Bingoml.cdbx
BitDefenderGen:Variant.Zusy.397209
Ad-AwareGen:Variant.Zusy.397209
SophosMal/Generic-S
VIPRETrojan.Win32.Generic!BT
TrendMicroTROJ_GEN.R002C0WHA21
McAfee-GW-EditionBehavesLike.Win32.SpringFiles.tc
EmsisoftGen:Variant.Zusy.397209 (B)
Paloaltogeneric.ml
GDataWin32.Trojan.PSE.13M60MZ
AviraHEUR/AGEN.1142521
ArcabitTrojan.Zusy.D60F99
MicrosoftTrojan:Win32/Sabsik.REA!MTB
CynetMalicious (score: 100)
AhnLab-V3Adware/Win.Generic.R425898
VBA32Trojan.Bingoml
ALYacGen:Variant.Zusy.397209
MAXmalware (ai score=80)
MalwarebytesBackdoor.Bot
APEXMalicious
RisingTrojan.Kryptik!8.8 (CLOUD)
SentinelOneStatic AI – Malicious PE
FortinetW32/Kryptik.HLMN!tr
AVGWin32:CrypterX-gen [Trj]
PandaTrj/GdSda.A
CrowdStrikewin/malicious_confidence_80% (W)

How to remove Zusy.397209?

Zusy.397209 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment