Zusy.401595 (B) information

Malware Removal

Zusy.401595 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Zusy.401595 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Scheduled file move on reboot detected
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Creates a copy of itself
  • Created a service that was not started

Related domains:

samegrehome.live

How to identify Zusy.401595 (B)?

File Info:

name: 0FF99C0D5A4BD949A27E.mlw
path: /opt/CAPEv2/storage/binaries/3e188b1ecc6de5a2f15f2f2a08ea43d94e89380a44763c112c399576361f1449
crc32: CB629AE2
md5: 0ff99c0d5a4bd949a27ec5e1af5e7076
sha1: 62f6dc4e2620c64f82355e929bd5189ad7dff2ed
sha256: 3e188b1ecc6de5a2f15f2f2a08ea43d94e89380a44763c112c399576361f1449
sha512: 69139748ab289f1d864ee2ba0142b0243f87df774aa5c32aa897b2b6e825109931b2e4688833def09c862f8c75b675265f46d9abf64b1aec0104e725c61ccac3
ssdeep: 49152:1NNDpzNND1GDhyNNDtdifNNDEWDNNDrHPz4LNNDoTGjWdwNNDynrAHNND2QfM3Vn:xGDhodWLHTgwvnrARM3Vn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T149A59C106E7CB722EA57A57B73F24A40117ABD02933406DF4656382B22F3EF06A37795
sha3_384: bd6ed6baaa328715d1254d5b033946f38da2eb40c995c05066269e80e24768f3cb33ad1ff5b757430686e73043362379
ep_bytes: 558bec6aff682079570068bc53570064
timestamp: 2021-09-19 19:36:05

Version Info:

CompanyName: SharpNight Co,Ltd
FileDescription: 7-Data Recovery Suite
FileVersion: 4.4.0.0
LegalCopyright: Copyright 2019, SharpNight Co,Ltd, All rights reserved.
ProductName: 7-Data Recovery Suite
ProductVersion: 4.4.0.0
Translation: 0x0409 0x03a8

Zusy.401595 (B) also known as:

Lionic: Trojan.Win32.Razy.a!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.401595
FireEye: Gen:Variant.Zusy.401595
ALYac: Gen:Variant.Zusy.401595
Cylance: Unsafe
Sangfor: Trojan.Win32.Razy.gen
K7AntiVirus: Trojan ( 0058214e1 )
BitDefender: Gen:Variant.Zusy.401595
K7GW: Trojan ( 0058214e1 )
Cyren: W32/Kryptik.FIS.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HBAI
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Adwarex-9854441-0
Kaspersky: HEUR:Trojan-Downloader.Win32.Razy.gen
Alibaba: TrojanDownloader:Win32/Kryptik.872fae7c
Rising: Trojan.Kryptik!1.AA55 (CLASSIC)
Ad-Aware: Gen:Variant.Zusy.401595
Sophos: Mal/Generic-S
Zillya: Trojan.Kryptik.Win32.3502434
TrendMicro: TROJ_GEN.R002C0PIP21
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Emsisoft: Gen:Variant.Zusy.401595 (B)
Ikarus: Trojan.Win32.Crypt
Avira: TR/Crypt.Agent.okxwy
MAX: malware (ai score=87)
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Win32.Trojan.PSE.1IAKRUN
Cynet: Malicious (score: 100)
AhnLab-V3: Adware/Win.Generic.R425898
McAfee: GenericRXQC-BH!0FF99C0D5A4B
VBA32: TrojanDownloader.Razy
Malwarebytes: Trojan.Crypt
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0PIP21
Tencent: Win32.Trojan-downloader.Razy.Ljt
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HLMN!tr
AVG: Win32:AdwareX-gen [Adw]
Avast: Win32:AdwareX-gen [Adw]

How to remove Zusy.401595 (B)?

Zusy.401595 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.