Zusy.407647 (B) removal tips

Zusy.407647 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.407647 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Scheduled file move on reboot detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • CAPE detected the Zegost malware family

Related domains:

wpad.local-net

How to identify Zusy.407647 (B)?

File Info:

name: FA9ABBA78BDB5501D7A8.mlw
path: /opt/CAPEv2/storage/binaries/c3e83f6854acae7cc9979ff08885794031511389969d87a9d2f61b1fdd6dd943
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2019-11-09 18:24:07

Version Info:

FileVersion: 1.0.0.0
FileDescription: Windows 配置程序
ProductName: Windows 核心进程
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Zusy.407647 (B) is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.407647
FireEye: Generic.mg.fa9abba78bdb5501
CAT-QuickHeal: Trojan.GenericRI.S23102915
McAfee: Flyagent.d
Cylance: Unsafe
K7AntiVirus: Trojan ( 0040f54a1 )
K7GW: Trojan ( 0040f54a1 )
Cybereason: malicious.f0a055
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Flyagent.NGX
APEX: Malicious
ClamAV: Win.Dropper.Gh0stRAT-9789289-0
Kaspersky: VHO:Trojan.Win32.Miancha.gen
BitDefender: Gen:Variant.Zusy.407647
NANO-Antivirus: Virus.Win32.Agent.dvixmz
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.11d82c58
Ad-Aware: Gen:Variant.Zusy.407647
Sophos: Generic ML PUA (PUA)
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
DrWeb: Trojan.DownLoader30.33448
McAfee-GW-Edition: BehavesLike.Win32.PUPXAA.tc
Emsisoft: Gen:Variant.Zusy.407647 (B)
Ikarus: Trojan.Win32.FlyAgent
GData: Win32.Trojan.Flyagent.A
Jiangmin: Trojan.Agent.dquz
eGambit: Unsafe.AI_Score_100%
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.34D1069
Microsoft: Backdoor:Win32/Zegost.CI!bit
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.BHO.C23372
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34294.rr2@aCkA5gfb
ALYac: Gen:Variant.Zusy.407647
MAX: malware (ai score=82)
VBA32: BScope.Trojan.Dynamer
Malwarebytes: Trojan.MalPack.FlyStudio
Rising: Trojan.Kryptik!1.AAD1 (CLASSIC)
Yandex: Trojan.Siscos!l9rTDY947q0
SentinelOne: Static AI - Malicious PE
MaxSecure: Dropper.Dinwod.frindll
Fortinet: W32/CoinMiner.BELF!tr
AVG: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Zusy.407647 (B)?

Zusy.407647 (B) removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.