Zusy.401175 (file analysis)

Zusy.401175 is a generic detection name (BitDefender's Gen:Variant.Zusy family, shared by several engines) for a sample that other vendors identify as TeslaCrypt ransomware (also labelled Bitman or Tescrypt), which is why many security products rate it as dangerous. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial period allows a full scan and cleanup of your PC.
6-day free trial available.

What Zusy.401175 virus can do?

The items below are behaviours recorded when the sample was run in an analysis sandbox (each line is a sandbox signature description). Taken together, the deletion of volume shadow copies, the ransom message written to disk and the TeslaCrypt-like behaviour mark this as file-encrypting ransomware; the delay and repeated-API-call items are analysis evasion.

  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to delete volume shadow copies
  • Exhibits behavior characteristic of Alphacrypt/Teslacrypt ransomware
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Writes a potential ransom message to disk
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

Related domains:

salaeigroup.com
ikstrade.co.kr
salesandmarketing101.net
lutheranph.com
dustywinslow.com
lovemydress.pl
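
To turn the behaviour list and the related-domain list above into a detection check, here is an added example (not code from the page or from GridinSoft) that scans constructed process-creation and DNS log lines for the listed behaviours and domains. The log line layout, file paths and process names are assumptions made for the example, and the command-line patterns are common ways of producing these behaviours, not strings recovered from the sample.

```python
"""Added example, not code from the page or from GridinSoft: flag the
sandbox behaviours and the related domains listed above in constructed
process-creation and DNS log lines.

Assumptions: the 'PROC pid=... image=... cmd="..."' and 'DNS pid=... query=...'
layout is invented for this example (it is not a real Sysmon/EDR export), and
the command-line patterns are common ways of producing the listed behaviours,
not strings taken from the sample."""
import re

# Domains copied from the "Related domains" list on the page.
RELATED_DOMAINS = {
    "salaeigroup.com", "ikstrade.co.kr", "salesandmarketing101.net",
    "lutheranph.com", "dustywinslow.com", "lovemydress.pl",
}

# (label, pattern over the command line); labels mirror the behaviour list.
PROCESS_RULES = [
    ("deletes volume shadow copies",
     re.compile(r"\b(vssadmin|wmic)(\.exe)?\b.*\b(delete\s+shadows|shadowcopy\s+delete)\b", re.I)),
    ("installs autorun at Windows startup",
     re.compile(r"\breg(\.exe)?\s+add\b.*\\CurrentVersion\\Run(Once)?\b", re.I)),
    ("modifies proxy settings",
     re.compile(r"\breg(\.exe)?\s+add\b.*\\Internet Settings\b.*\bProxy", re.I)),
    ("removes download evidence (Zone.Identifier stream)",
     re.compile(r"\bZone\.Identifier\b", re.I)),
]

LINE_RE = re.compile(
    r'^(?P<kind>PROC|DNS)\s+pid=(?P<pid>\d+)\s+'
    r'(?:image=(?P<image>\S+)\s+cmd="(?P<cmd>.*)"|query=(?P<query>\S+))$'
)


def parse_line(line):
    """Return the line's fields as a dict, or None for lines in another format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def analyze(lines):
    """Return (pid, finding) tuples in log order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        pid = int(rec["pid"])
        if rec["kind"] == "PROC":
            for label, pattern in PROCESS_RULES:
                if pattern.search(rec["cmd"]):
                    findings.append((pid, label))
        else:
            name = rec["query"].lower().rstrip(".")
            if name in RELATED_DOMAINS or any(name.endswith("." + d) for d in RELATED_DOMAINS):
                findings.append((pid, f"contacts related domain {name}"))
    return findings


def suspicious_pids(lines, threshold=2):
    """Processes with at least `threshold` findings: one hit alone (an admin
    running vssadmin, say) is a weaker signal than several in one process."""
    counts = {}
    for pid, _ in analyze(lines):
        counts[pid] = counts.get(pid, 0) + 1
    return {pid for pid, n in counts.items() if n >= threshold}


# Constructed log lines for the example; paths and file names are invented.
SAMPLE_LOG = [
    'PROC pid=4012 image=C:\\Windows\\System32\\cmd.exe cmd="cmd.exe /c vssadmin.exe delete shadows /all /quiet"',
    'PROC pid=4012 image=C:\\Windows\\System32\\reg.exe cmd="reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v svc /t REG_SZ /d C:\\Users\\u\\AppData\\Roaming\\sample.exe"',
    'PROC pid=4012 image=C:\\Windows\\System32\\reg.exe cmd="reg add "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1"',
    'PROC pid=4012 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe cmd="powershell.exe -c Remove-Item C:\\Users\\u\\Downloads\\invoice.exe -Stream Zone.Identifier"',
    'DNS pid=4012 query=salaeigroup.com',
    'PROC pid=2200 image=C:\\Windows\\explorer.exe cmd="explorer.exe"',
    'DNS pid=2200 query=www.microsoft.com',
]

if __name__ == "__main__":
    for pid, finding in analyze(SAMPLE_LOG):
        print(f"pid {pid}: {finding}")
    print("suspicious:", sorted(suspicious_pids(SAMPLE_LOG)))
```

Run it as a script to print the findings for the constructed log; in practice map real process-creation and DNS-query events onto the same fields first. A lone vssadmin hit can be legitimate administration, which is why suspicious_pids only reports processes with more than one finding.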

How to determine Zusy.401175?

Compare a suspect file's hashes with the values below; an exact SHA-256 match identifies this sample, while an ssdeep (fuzzy) match only indicates a similar binary. The detection names further down are what the same sample is called by other vendors.

File Info:

crc32: EBEF925E
md5: 48ac2a2d0b33f62c91c7203da0641b1f
name: 48AC2A2D0B33F62C91C7203DA0641B1F.mlw
sha1: 0b6cc970e6d8e0791fe19a2b3211c2f9afdfdc5b
sha256: 0b448f3c505d11a8cd6768d06022758f0d83c32c2cbb185bfd5efc6b76baa24f
sha512: 45cf254e5df95bd4cf418dd71522f30c0743ce323d439e7aa741da57572d0e20f63351f6b0276a50b9f0c485ecedf24f16da918fc9a274e760ebda3068113a84
ssdeep: 3072:7VKS4guAGY2j4mkQ/zxPtnZrBLXOjlukMwrkUyTaVZPVPIPZlelVIstcIFY5TRp:d+LBWukMwtyTwPIPZleLwXA/J
type: PE32 executable (GUI) Intel 80386, for MS Windows
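
As an added example (not code from the page or from GridinSoft), the following computes the same five hashes the File Info block lists and compares a file against them. The IOC values are copied from the block above; the bytes hashed in the test are constructed for the example, and the ".mlw" naming rule is an assumption inferred from the "name" field.

```python
"""Added example, not code from the page or from GridinSoft: compute the same
hashes the File Info block lists and compare them with those indicators.
The IOC values are copied from the page; any bytes hashed with this code are
supplied by the caller (the real sample is not included)."""
import hashlib
import zlib

# Indicators copied from the File Info block above.
PAGE_IOCS = {
    "crc32": "EBEF925E",
    "md5": "48ac2a2d0b33f62c91c7203da0641b1f",
    "sha1": "0b6cc970e6d8e0791fe19a2b3211c2f9afdfdc5b",
    "sha256": "0b448f3c505d11a8cd6768d06022758f0d83c32c2cbb185bfd5efc6b76baa24f",
    "sha512": "45cf254e5df95bd4cf418dd71522f30c0743ce323d439e7aa741da57572d0e20f63351f6b0276a50b9f0c485ecedf24f16da918fc9a274e760ebda3068113a84",
}


def fingerprint(data: bytes) -> dict:
    """The five hashes in the page's formatting: CRC32 as 8 upper-case hex
    digits, the cryptographic digests as lower-case hex."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matching_algorithms(data: bytes, iocs: dict = PAGE_IOCS) -> list:
    """Names of the algorithms whose digest of `data` equals the IOC value."""
    fp = fingerprint(data)
    return [alg for alg, value in iocs.items()
            if alg in fp and fp[alg].lower() == value.lower()]


def classify(data: bytes, iocs: dict = PAGE_IOCS) -> str:
    """'match' needs a SHA-256 or SHA-512 hit; CRC32, MD5 and SHA-1 alone are
    collision-prone, so they only give a 'weak match' worth a closer look."""
    hits = set(matching_algorithms(data, iocs))
    if hits & {"sha256", "sha512"}:
        return "match"
    if hits:
        return "weak match"
    return "no match"


def archive_name(data: bytes) -> str:
    """Name under which the page files the sample: upper-case MD5 plus '.mlw'.
    This convention is inferred from the 'name' field above (an assumption)."""
    return hashlib.md5(data).hexdigest().upper() + ".mlw"


def check_file(path: str) -> str:
    """Classify a file on disk against the page's indicators."""
    with open(path, "rb") as fh:
        return classify(fh.read())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, check_file(path))
```

The ssdeep value is not checked here because fuzzy hashing needs a third-party library (for example the `ssdeep` Python package); when it is available, compare its similarity score rather than demanding equality, since that is what the fuzzy hash is for.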

Version Info:

0: [No Data]

Detection names for this sample, by vendor:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 0055e3ef1 )
Lionic: Trojan.Win32.Bitman.j!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.3999
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Zusy.401175
Cylance: Unsafe
Zillya: Trojan.Bitman.Win32.3473
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (D)
Alibaba: Ransom:Win32/Bitman.27440f50
K7GW: Trojan ( 0055e3ef1 )
Cybereason: malicious.d0b33f
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Filecoder.TeslaCrypt.I
APEX: Malicious
Avast: Win32:Mutex-I [Trj]
ClamAV: Win.Ransomware.Teslacrypt-7344116-0
Kaspersky: Trojan-Ransom.Win32.Bitman.jur
BitDefender: Gen:Variant.Zusy.401175
NANO-Antivirus: Trojan.Win32.Bitman.eirwor
MicroWorld-eScan: Gen:Variant.Zusy.401175
Tencent: Win32.Trojan.Bitman.Peqe
Ad-Aware: Gen:Variant.Zusy.401175
Sophos: Mal/Generic-S
Comodo: Malware@#9x4tdjoorkg9
BitDefenderTheta: Gen:NN.ZexaF.34170.puW@ayb@uJdi
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_CRYPTESLA.F116KN
McAfee-GW-Edition: BehavesLike.Win32.BrowseFox.dh
FireEye: Generic.mg.48ac2a2d0b33f62c
Emsisoft: Gen:Variant.Zusy.401175 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.ohzq
Antiy-AVL: Trojan/Generic.ASMalwS.1739367
Microsoft: Ransom:Win32/Tescrypt.H
Arcabit: Trojan.Zusy.D61F17
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Zusy.401175
TACHYON: Ransom/W32.Bitman.254976
AhnLab-V3: Malware/Win32.RL_Generic.R294463
McAfee: GenericRXFC-NV!48AC2A2D0B33
MAX: malware (ai score=88)
VBA32: SScope.TrojanRansom.Filecoder
Malwarebytes: Malware.AI.4157370387
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom_CRYPTESLA.F116KN
Rising: Trojan.Generic@ML.100 (RDML:gfqzdxjd/zEiXY3IEiF4+w)
Yandex: Trojan.GenAsa!qrU7LxSR3Ek
Ikarus: Trojan-Ransom.TeslaCrypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.2240!tr
AVG: Win32:Mutex-I [Trj]
Paloalto: generic.ml

How to remove Zusy.401175?

Removing the binary stops further encryption but does not restore files it has already encrypted, and because the sample deletes volume shadow copies, recovery has to come from offline backups. Since vendors identify this sample as TeslaCrypt, check whether a public TeslaCrypt decryptor applies to the encrypted files before considering any other option.

Zusy.401175 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
