Zusy.400921 (B) malicious file

Malware Removal

Zusy.400921 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.400921 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Anomalous binary characteristics

How to identify Zusy.400921 (B)?

File Info:

name: EF58D83C435B60E350C3.mlw
path: /opt/CAPEv2/storage/binaries/ba61b6d91dff31343e0dd12b0b21ddc43e3c7cdd6b0566f665bdfcb1f55ab774
crc32: 9CCCE1BD
md5: ef58d83c435b60e350c39ea4b95331cc
sha1: 9b3d0d47df07ce36d137efc36baf715f72c7df91
sha256: ba61b6d91dff31343e0dd12b0b21ddc43e3c7cdd6b0566f665bdfcb1f55ab774
sha512: 7710ea3051ee40c4ec897670a95871403fa764d7d3cb71f247cc8b9b8a325c93dbff5335b244e3b8340c7958bcb447ba5826712561172dc023c8d437c8f742a1
ssdeep: 6144:Z/QU9tWe/KR6RKmxCoIwRofRfpOTBmkYqDqkv9+:ZIwtWaKgRKmx25fpOT0kqkv9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C7548E19B190E039CC5240FABE6DC7A459217D7598B4100B3FE63B271DB13EE89A6F27
sha3_384: 86fbd38983f9dd1fd2e6812fde61723274799192e36d0e8bfaadc9b3b903a37523ff14b570bfd2d4202ef4d71299a23e
ep_bytes: e80d660000e995feffffcccccccccccc
timestamp: 2013-04-04 11:50:02

Version Info:

CompanyName: Oracle Corporation
FileDescription: Java(TM) Platform SE binary
FileVersion: 7.0.210.11
Full Version: 1.7.0_21-b11
InternalName: java
LegalCopyright: Copyright © 2013
OriginalFilename: java.exe
ProductName: Java(TM) Platform SE 7 U21
ProductVersion: 7.0.210.11
Translation: 0x0000 0x04b0

Zusy.400921 (B) also known as:

Lionic: Trojan.Win32.Mokes.m!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.400921
FireEye: Gen:Variant.Zusy.400921
ALYac: Gen:Variant.Zusy.400921
Cylance: Unsafe
K7AntiVirus: Trojan ( 0056d4961 )
Alibaba: Backdoor:Win32/Mokes.a41b9f43
Cybereason: malicious.c435b6
Cyren: W32/Kryptik.DJL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Agent.ACGU
TrendMicro-HouseCall: TROJ_GEN.R002H0CLB21
Kaspersky: HEUR:Backdoor.Win32.Mokes.pef
BitDefender: Gen:Variant.Zusy.400921
NANO-Antivirus: Trojan.Win32.Kryptik.ietvzc
Avast: Win32:Trojan-gen
Rising: Trojan.Injector!1.D328 (CLASSIC)
Ad-Aware: Gen:Variant.Zusy.400921
Sophos: Mal/Generic-S
McAfee-GW-Edition: RDN/Generic BackDoor
SentinelOne: Static AI – Suspicious PE
Emsisoft: Gen:Variant.Zusy.400921 (B)
Ikarus: Trojan.Win32.Agent
GData: Gen:Variant.Zusy.400921
Avira: HEUR/AGEN.1140627
Antiy-AVL: Trojan/Generic.ASMalwS.3109ABF
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Gen.Generic.C4222593
McAfee: RDN/Generic BackDoor
VBA32: BScope.Backdoor.Mokes
Malwarebytes: Trojan.Crypt.JV
APEX: Malicious
Tencent: Win32.Backdoor.Mokes.Amvw
MAX: malware (ai score=80)
Fortinet: W32/Agent.ACGU!tr
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Zusy.400921 (B)?

Zusy.400921 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.