Zusy.407961 removal guide

Malware Removal

Zusy.407961 is the short form of Gen:Variant.Zusy.407961, a generic detection name that the BitDefender engine and the vendors licensing it apply to this sample; most other engines in the list below classify it as a trojan or information stealer, and the CAPE sandbox report attributes it to the RedLine stealer family. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can Zusy.407961 do? (behaviours flagged by the CAPE sandbox)

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Network activity detected but not expressed in API logs
  • CAPE detected the RedLine malware family

How to identify Zusy.407961?

File Info:

name: 586E81BB81F2C924023A.mlw
path: /opt/CAPEv2/storage/binaries/6709fd5f621ff78ace37d46f3a6a4d582b56d6da4fd116334c34966325d934d1
crc32: A8E4625A
md5: 586e81bb81f2c924023a25a2175f0a38
sha1: ca16c2ad0277df64dcf5869a183bdcbcd7fa3638
sha256: 6709fd5f621ff78ace37d46f3a6a4d582b56d6da4fd116334c34966325d934d1
sha512: fca580952fa7249cb9599a902b8a6baeac1270a0cbf11af7ce75b852066e704be7a7b03e616b3aca6d5e1de4c1cf7b7efaf5f15349281535e763857707ed3df8
ssdeep: 24576:TaNHj6u68VfT16eK6q9CwV3it64KJm2FFF:GHjQ8M3itH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CE350E1244D2E0ECD67910F3D595DBEBB29F85B00F4EBBA109A333FD64582B44E96B60
sha3_384: 7a881d54eb77fb925ff4cc3072690a09607308ba13fa8aa06a3a7bed7b27bdae4f33a63ed5713cc6b771197aa0854cf2
ep_bytes: 6a606820d24700e821070000bf940000
timestamp: 2021-11-15 15:46:31
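
The following stdlib-only Python script is an added example, not code from this page, from GridinSoft or from the CAPE project. It checks a suspect PE32 file against the indicators listed above: the SHA-256, the 16 entry-point bytes (ep_bytes), the compile timestamp, and two static counterparts of the sandbox signatures in the behaviour list: whether any section is mapped readable, writable and executable (the "Creates RWX memory" signature refers to runtime allocations; an RWX section is the static analogue worth flagging) and whether an Authenticode blob is present at all (the page reports the signature as invalid; this script only tests for presence, not validity, because chain verification is out of scope here). The PE it parses is constructed inline so the script runs offline; it is a synthetic file, not the real sample, so the hash lookup is expected to miss while the entry-point bytes and timestamp match.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
PAGE_SHA256 = "6709fd5f621ff78ace37d46f3a6a4d582b56d6da4fd116334c34966325d934d1"
PAGE_EP_BYTES = bytes.fromhex("6a606820d24700e821070000bf940000")
PAGE_TIMESTAMP = int(datetime(2021, 11, 15, 15, 46, 31, tzinfo=timezone.utc).timestamp())

# IMAGE_SCN_* section characteristic flags from the PE specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY holds the Authenticode blob


def parse_pe32(data):
    """Minimal PE32 header parser; returns only the fields triage needs."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, timestamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled, like the page's sample")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_va = sec_size = 0
    if ndirs > SECURITY_DIR_INDEX:  # data directories start at optional header offset 96
        sec_va, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR_INDEX)
    sections = []
    for i in range(nsec):  # 40-byte IMAGE_SECTION_HEADER entries follow the optional header
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawsize": rawsize,
                         "rawptr": rawptr, "flags": flags})
    return {"timestamp": timestamp, "entry_rva": entry_rva,
            "signed": sec_size != 0, "sections": sections}


def rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["rawptr"] + (rva - s["va"])
    return None


def triage(data, known_sha256=frozenset({PAGE_SHA256})):
    """Static checks mirroring the page's indicators; returns a findings dict."""
    pe = parse_pe32(data)
    ep_off = rva_to_offset(pe["sections"], pe["entry_rva"])
    ep_bytes = data[ep_off:ep_off + 16] if ep_off is not None else b""
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "sha256": sha256,
        "md5": hashlib.md5(data).hexdigest(),
        "hash_match": sha256 in known_sha256,
        "timestamp": datetime.fromtimestamp(pe["timestamp"], timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "ep_match": ep_bytes == PAGE_EP_BYTES,
        "rwx_sections": [s["name"] for s in pe["sections"] if s["flags"] & RWX == RWX],
        "authenticode_present": pe["signed"],
    }


def build_sample_pe(ep_bytes=PAGE_EP_BYTES, timestamp=PAGE_TIMESTAMP, section_flags=RWX):
    """Constructed minimal PE32 used as offline test input; this is NOT the real sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                 # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)               # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)         # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes; security dir left empty
    raw_ptr = 0x200
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, raw_ptr, 0, 0, 0, 0, section_flags)
    image = bytearray(raw_ptr + 0x200)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
    image[:len(header)] = header
    image[raw_ptr:raw_ptr + len(ep_bytes)] = ep_bytes      # entry point lands on the page's ep_bytes
    return bytes(image)


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key}: {value}")
```

To run it against a real suspect file, replace `build_sample_pe()` with the bytes read from disk; a timestamp match and an entry-point match with a hash miss is exactly the pattern to expect from a repacked build of the same binary, which is why the page lists ssdeep and tlsh alongside the exact hashes.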

Version Info:

CompanyName: NBZ LTD.
FileDescription: MultiX
FileVersion: 1.5.2.0
InternalName: multi_x.exe
LegalCopyright: Copyright (C) 2020 NBZ LTD.
OriginalFilename: multi_x.exe
ProductName: MultiX
ProductVersion: 1.5.2.0
Translation: 0x0419 0x04b0 (language ID 0x0419 is Russian; 0x04b0 is the Unicode code page 1200)

Zusy.407961 is also known under the following vendor detection names (vendor: detection):

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.407961
FireEye: Generic.mg.586e81bb81f2c924
McAfee: Artemis!586E81BB81F2
Cylance: Unsafe
K7AntiVirus: Trojan ( 0058ab001 )
Alibaba: TrojanSpy:Win32/Stealer.9a2fbfc3
K7GW: Trojan ( 0058ab001 )
Cybereason: malicious.d0277d
Cyren: W32/Kryptik.FQE.gen!Eldorado
Symantec: Packed.Generic.497
ESET-NOD32: a variant of Win32/Agent_AGen.IJ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender: Gen:Variant.Zusy.407961
Avast: Win32:TrojanX-gen [Trj]
Rising: Malware.Obscure/Heur!1.A89E (CLASSIC)
Ad-Aware: Gen:Variant.Zusy.407961
Sophos: Mal/Generic-S
DrWeb: Trojan.DownLoader44.2125
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.tm
Emsisoft: Gen:Variant.Zusy.407961 (B)
Jiangmin: TrojanSpy.Stealer.iex
Webroot: W32.Malware.Gen
Avira: TR/Spy.Stealer.mullf
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Win32.Trojan.PSE.1K5MC0W
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R452723
BitDefenderTheta: Gen:NN.ZexaF.34294.gr3@ainSONic
ALYac: Gen:Variant.Zusy.407961
MAX: malware (ai score=83)
VBA32: Trojan.Downloader
Malwarebytes: Trojan.MalPack
TrendMicro-HouseCall: TROJ_GEN.R002H0CKM21
Tencent: Win32.Trojan-spy.Stealer.Swbm
Yandex: Trojan.Agent_AGen!p6dqrGH+IFQ
Fortinet: W32/Agent_AGen.IJ!tr
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Zusy.407961?

Zusy.407961 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the affected browser and the desired options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.