Malware

Zusy.400007 malicious file

Malware Removal

The Zusy.400007 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Zusy.400007 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Zusy.400007?


File Info:

name: 636C43E154227C0FC3EC.mlw
path: /opt/CAPEv2/storage/binaries/d8e508e9378ffb2c6c4c8baeb68a02b5939619d3ffa401a5ddee407b5f1e11ff
crc32: 16C410FF
md5: 636c43e154227c0fc3ecbb049bc09bdd
sha1: 814f13432f2e54a7c3eabb826d1cae79a622adba
sha256: d8e508e9378ffb2c6c4c8baeb68a02b5939619d3ffa401a5ddee407b5f1e11ff
sha512: 1e0d5c5ed534b9bf2ea8f1c178d310a3f754da7ef5827e6075bc820180ffdd4985ae05108e28f7d0d4b6a66102377b3e33c40e06186dd708b77605b378f1f983
ssdeep: 24576:qwnU4TDLYIotQ2uzVQsTRkXXhU+qwgj6wgq64Z3ZCvJaMBj3hSVjWOD9hD12I3VA:FntTXYVqTSKaXXhNlgvukZCjlSd73OP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12F8523123090C2B7C47A193941D6CE20DE3AB0AA477984DBBBDE5BF5DF11A9293314CE
sha3_384: 9083ba526555f7b3353fbe3fbb7b336ec224b7117ba9eca173a85df97d35fdd277632ee67c7a85de23630c392955ca82
ep_bytes: e8e15c0000e9a4feffff8bff558bec83
timestamp: 2022-07-31 07:45:58

Version Info:

Translation: 0x0000 0x04b0
CompanyName: Microsoft
FileDescription: DrawDesign
FileVersion: 1.0.0.0
InternalName: DrawDesign.exe
LegalCopyright: Copyright © Microsoft 2019
OriginalFilename: DrawDesign.exe
ProductName: DrawDesign
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Zusy.400007 also known as:

BkavW32.AIDetect.malware1
MicroWorld-eScanGen:Variant.Zusy.400007
FireEyeGeneric.mg.636c43e154227c0f
ALYacGen:Variant.Zusy.400007
CylanceUnsafe
Cybereasonmalicious.32f2e5
Elasticmalicious (high confidence)
ESET-NOD32MSIL/Bladabindi.BC
APEXMalicious
KasperskyTrojan-Dropper.Win32.Sysn.czyi
BitDefenderGen:Variant.Zusy.400007
AvastWin32:Malware-gen
Ad-AwareGen:Variant.Zusy.400007
EmsisoftGen:Variant.Zusy.400007 (B)
VIPREGen:Variant.Zusy.400007
McAfee-GW-EditionBehavesLike.Win32.Generic.tc
Trapminemalicious.high.ml.score
SophosGeneric ML PUA (PUA)
IkarusPUA.MSIL.Netreactor
GDataGen:Variant.Zusy.400007
KingsoftWin32.Troj.Undef.(kcloud)
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 100)
AhnLab-V3Malware/Win32.RL_Generic.R371071
McAfeeArtemis!636C43E15422
MAXmalware (ai score=85)
VBA32Backdoor.Bladabindi
MalwarebytesTrojan.MalPack
RisingTrojan.Generic@AI.96 (RDML:iFqOF1FmZcThokezxVbOVw)
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
BitDefenderThetaGen:NN.ZexaF.34582.Rr0@aqvoHJc
AVGWin32:Malware-gen
CrowdStrikewin/malicious_confidence_70% (W)

How to remove Zusy.400007?

Zusy.400007 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment