Should I remove “Zusy.406400 (B)”?

Zusy.406400 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.406400 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid

How to identify Zusy.406400 (B)?

File Info:

name: 2F6C0ADB5680DAD461B2.mlw
path: /opt/CAPEv2/storage/binaries/97298b9206a32f05906648e43ca34ffb45ca59eb1c797589476522188b216ed6
crc32: E33C6ACE
md5: 2f6c0adb5680dad461b24a22b49d3581
sha1: d7cade81e9c3b3975a4c5e3d43ca6d2b4c93a0f4
sha256: 97298b9206a32f05906648e43ca34ffb45ca59eb1c797589476522188b216ed6
sha512: ce9635a60d4555707efc1cccacbc928559489f02dbb3def87a2e81aaa27f1f07d1cf999ed5e426ef90057bdc62e9059542b3a59fa593c17db402053e794905a6
ssdeep: 24576:hZ8ltUgAMk6oP14xNdnmFQzQjQ8ecDS/iJNmy:hWltUgNk6qeNRmFQzQjQ83DEiJNm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CD455B81A3D1C815F4B35A3648768FA01E23BD905B3585CF6688731E49B3BC29FB5B1B
sha3_384: da832a02be1cc8e44bb82fce5a17a130fb84935c2f67f25467c8131678fd884264a7e6c0c057cd33714ac950c2b7ef04
ep_bytes: 558bec6aff68e0b14600685898460064
timestamp: 2021-11-08 19:01:07

Version Info:

Comments: R-Undelete
CompanyName: Copyright (c) 2001-2017 R-Tools Technology Inc.
FileDescription: RUndelete
FileVersion: 6,5,170,927
InternalName: R-Undelete
LegalCopyright: Copyright (c) 2001-2017 R-Tools Technology Inc.
LegalTrademarks: Copyright (c) 2001-2017 R-Tools Technology Inc.
OriginalFilename: RUndelete.exe
ProductName: R-Undelete
ProductVersion: 6,5,170,927
Translation: 0x0409 0x04b0

Zusy.406400 (B) also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Staser.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.406400
FireEye: Generic.mg.2f6c0adb5680dad4
ALYac: Gen:Variant.Zusy.406400
Cylance: Unsafe
Sangfor: Trojan.Win32.Staser.gen
CrowdStrike: win/malicious_confidence_70% (W)
Alibaba: Trojan:Win32/Staser.23c4d603
K7GW: Trojan ( 005821bc1 )
K7AntiVirus: Trojan ( 005821bc1 )
Cyren: W32/Staser.Q.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HLQM
APEX: Malicious
Avast: Win32:Trojan-gen
Kaspersky: HEUR:Trojan.Win32.Staser.gen
BitDefender: Gen:Variant.Zusy.406400
SUPERAntiSpyware: Trojan.Agent/Generic
Tencent: Win32.Trojan.Staser.Htwm
Ad-Aware: Gen:Variant.Zusy.406400
Sophos: Mal/Generic-S
McAfee-GW-Edition: BehavesLike.Win32.Generic.tm
Emsisoft: Gen:Variant.Zusy.406400 (B)
Paloalto: generic.ml
GData: Win32.Trojan.PSE.1QRPSAL
Avira: HEUR/AGEN.1244176
Antiy-AVL: Trojan/Generic.ASMalwS.352262F
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Zusy.D63380
ViRobot: Trojan.Win32.Z.Zusy.1224704.AP
Microsoft: Trojan:Win32/Tnega!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R438315
McAfee: GenericRXQT-EV!2F6C0ADB5680
MAX: malware (ai score=89)
VBA32: Trojan.Staser
Malwarebytes: Adware.DownloadAssistant
Rising: Trojan.Kryptik!1.AA55 (CLOUD)
Yandex: Trojan.Staser!0ktGuJ7EWX8
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.HATU!tr
BitDefenderTheta: Gen:NN.ZexaF.34212.kz0@a4b9POfi
AVG: Win32:Trojan-gen
Cybereason: malicious.1e9c3b
Panda: Trj/GdSda.A

How to remove Zusy.406400 (B)?

Zusy.406400 (B) removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.