Zusy.406400 removal

Malware Removal

Zusy.406400 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.406400 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Creates a copy of itself

How to identify Zusy.406400?

File Info:

name: 12D54C08AD60BC8E240C.mlw
path: /opt/CAPEv2/storage/binaries/69f370a7ea1063fd33661caefadf1a1852952500fd59526d22649fa4607822c4
crc32: A4B51B89
md5: 12d54c08ad60bc8e240c9080579998e6
sha1: 5638ba7e8a151b9070627d81512d13a1515d1e6d
sha256: 69f370a7ea1063fd33661caefadf1a1852952500fd59526d22649fa4607822c4
sha512: d11ccd689d19fddd68b5d1d615dad42b4f5dad4a9f86612b28847fc40aa4e1dd076f4a48c865f7a1d86fc3156198b8f7a20e811c56dbd1a2810806b5ce91f9e5
ssdeep: 24576:YITnq0pmQPfqdnmFQzQjQ8ecDS/iJNmy:YITnq0pmQPfqRmFQzQjQ83DEiJNm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CF455B81A3D1C815F4B35A364C768FA01A23BD945B3585CF6688731E09B3BC29FB5B1B
sha3_384: 7c1145b8121725d7572fec88e604dd89ea1d4f993c2c1098cee2800b70752a896e5527e1c2dbbff33e653015048c057b
ep_bytes: 558bec6aff68e0b14600685898460064
timestamp: 2021-11-08 22:42:45

Version Info:

Comments: R-Undelete
CompanyName: Copyright (c) 2001-2017 R-Tools Technology Inc.
FileDescription: RUndelete
FileVersion: 6,5,170,927
InternalName: R-Undelete
LegalCopyright: Copyright (c) 2001-2017 R-Tools Technology Inc.
LegalTrademarks: Copyright (c) 2001-2017 R-Tools Technology Inc.
OriginalFilename: RUndelete.exe
ProductName: R-Undelete
ProductVersion: 6,5,170,927
Translation: 0x0409 0x04b0

Zusy.406400 is also detected under the following names (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Staser.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.406400
FireEye: Generic.mg.12d54c08ad60bc8e
ALYac: Gen:Variant.Zusy.406400
Cylance: Unsafe
K7AntiVirus: Trojan ( 005821bc1 )
Alibaba: Trojan:Win32/Staser.016866ab
K7GW: Trojan ( 005821bc1 )
CrowdStrike: win/malicious_confidence_60% (W)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HLQM
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Staser.gen
BitDefender: Gen:Variant.Zusy.406400
SUPERAntiSpyware: Trojan.Agent/Generic
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Staser.Dyqn
Ad-Aware: Gen:Variant.Zusy.406400
Zillya: Trojan.Kryptik.Win32.3627127
TrendMicro: TROJ_GEN.R03BC0WKL21
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
Emsisoft: Gen:Variant.Zusy.406400 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Staser.kip
Avira: HEUR/AGEN.1145346
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASMalwS.34D7A84
Gridinsoft: Ransom.Win32.Gen.sa
Microsoft: Trojan:Win32/Tiggre!rfn
GData: Win32.Trojan.PSE.1IAKRUN
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R438315
McAfee: GenericRXQT-EV!12D54C08AD60
VBA32: Trojan.Staser
Malwarebytes: Adware.DownloadAssistant
TrendMicro-HouseCall: TROJ_GEN.R03BC0WKL21
Rising: Trojan.Kryptik!1.AA55 (CLASSIC)
Ikarus: Trojan.Win32.Crypt
eGambit: Unsafe.AI_Score_75%
Fortinet: W32/Kryptik.HATU!tr
BitDefenderTheta: Gen:NN.ZexaF.34294.kz0@aqNu2Wli
AVG: Win32:Trojan-gen
Cybereason: malicious.e8a151
Panda: Trj/GdSda.A

How to remove Zusy.406400?

Zusy.406400 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.