Zusy.398185 (B) malicious file

Malware Removal

Zusy.398185 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.398185 (B) virus do?

  • At least one process apparently crashed during execution
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in the PCAP
  • Enumerates running processes
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid

How to identify Zusy.398185 (B)?

File Info:

name: 2E3EDB5F17C1AF0B22B5.mlw
path: /opt/CAPEv2/storage/binaries/40b625d33d9962fc7bcf12398843a098167953aab4bb386ebe919fffa9058cb8
crc32: E9C4AC76
md5: 2e3edb5f17c1af0b22b5c5db095f599d
sha1: e8f26d9dffef9c931ef7ccdffab825f8103d8333
sha256: 40b625d33d9962fc7bcf12398843a098167953aab4bb386ebe919fffa9058cb8
sha512: 7c37cd926cc7c0e5d7cb3ab29bb474091c50a4739cb93f3727887cefb85ab0c08c6a0c4092a6a2380c62b11a5a8c065424f3a4e1344eb30ddf91fa809b679c63
ssdeep: 49152:PGBEKcTaTPD5ZEkRjerLlLnh0suFGmvQF5ml0/lubiPDYWLzh7wpvUEv:HKdbUkRjeXlLnhZknQFHPMUzhuME
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T115B59D323B0AC53AD55152F04929DBAF926D5A250B7548C7F3D02F79AA318D33B32D2B
sha3_384: 0b79a4ddab11c737252b35c1eae2c5a8ba23e9b5fde07a1680334172bbce204558cb7e278c40b36296534d1b4472fdef
ep_bytes: b8ff0000008b1d783d2120f7c3000100
timestamp: 2022-02-04 18:43:40

Version Info:

0: [No Data]

Zusy.398185 (B) also known as:

Lionic: Trojan.Win32.Zusy.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.398185
FireEye: Gen:Variant.Zusy.398185
ALYac: Gen:Variant.Zusy.398185
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002H09B522
BitDefender: Gen:Variant.Zusy.398185
Avast: Win32:TrojanX-gen [Trj]
Emsisoft: Gen:Variant.Zusy.398185 (B)
McAfee-GW-Edition: BehavesLike.Win32.AdwareFileTour.vh
APEX: Malicious
Jiangmin: Trojan.Fragtor.b
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Gen:Variant.Zusy.398185
Cynet: Malicious (score: 100)
McAfee: Artemis!2E3EDB5F17C1
MAX: malware (ai score=88)
Fortinet: W32/PossibleThreat
AVG: Win32:TrojanX-gen [Trj]

How to remove Zusy.398185 (B)?

Zusy.398185 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.