Zusy.406248 removal instruction

Malware Removal

Zusy.406248 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.406248 virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Attempts to connect to a dead IP:Port (18 unique times)
  • Starts servers listening on 0.0.0.0:6968
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Divehi
  • Uses Windows utilities for basic functionality
  • Enumerates services, possibly for anti-virtualization
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • A possible cryptomining command was executed
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
microsoft-com.mail.protection.outlook.com
quadoil.ru
158.102.105.176.dnsbl.sorbs.net
158.102.105.176.bl.spamcop.net
158.102.105.176.zen.spamhaus.org
158.102.105.176.sbl-xbl.spamhaus.org
158.102.105.176.cbl.abuseat.org
fastpool.xyz
www.instagram.com
mx03.t-online.de
spamtitan3.bcsdschools.net
mx2.hanmail.net
kmtel.com.mx1.greymail.rcimx.net

How to identify Zusy.406248?


File Info:

crc32: 72565D6C
md5: 16b8edd91b8d518e7fe3fd87bf4106e6
name: 16B8EDD91B8D518E7FE3FD87BF4106E6.mlw
sha1: 7ef55082693412c3ed7b735c57ff1ab07f522d77
sha256: 18ea43eed88a7bdcf9e7222719756981a136872f8dfeb46e2adb8bd3d3959ebe
sha512: 6dd2a441df2d9ce1629863c899dfd589214b4f1cfa7c8efff37e20ca25d37e559084ff94f4283d9207ce716e98fbdd27bc8b77671a493e2a9a28e051c2ea7b2b
ssdeep: 49152:fkhVrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr:fk
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translations: 0x0512 0x00ac

Zusy.406248 also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 00589e121 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen15.39678
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Zusy.406248
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_80% (D)
K7GW: Trojan ( 00589e121 )
Cybereason: malicious.269341
Baidu: Win32.Trojan.Kryptik.jm
Cyren: W32/Kryptik.FPK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNEP
APEX: Malicious
Avast: Win32:CrypterX-gen [Trj]
ClamAV: Win.Trojan.Generic-9906195-0
Kaspersky: HEUR:Backdoor.Win32.Tofsee.gen
BitDefender: Gen:Variant.Zusy.406248
MicroWorld-eScan: Gen:Variant.Zusy.406248
Tencent: Malware.Win32.Gencirc.10cf83f6
Ad-Aware: Gen:Variant.Zusy.406248
Sophos: ML/PE-A + Troj/Krypt-DY
McAfee-GW-Edition: Packed-GDT!16B8EDD91B8D
FireEye: Generic.mg.16b8edd91b8d518e
Emsisoft: Gen:Variant.Zusy.406248 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Strab.di
Avira: TR/Crypt.XPACK.Gen
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Generic.ASMalwS.34CC192
Microsoft: Trojan:Win32/Azorult.RW!MTB
GData: Gen:Variant.Zusy.406248
AhnLab-V3: Trojan/Win.MalPE.R448394
Acronis: suspicious
McAfee: Packed-GDT!16B8EDD91B8D
MAX: malware (ai score=82)
VBA32: BScope.Trojan.Sabsik.FL
Malwarebytes: Trojan.MalPack.GS
Panda: Trj/GdSda.A
Yandex: Trojan.Kryptik!ojVlVjz8C8M
Ikarus: Trojan.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Jaik.4905!tr
AVG: Win32:CrypterX-gen [Trj]

How to remove Zusy.406248?

Zusy.406248 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
