How to remove “Zusy.408110”?

Zusy.408110 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.408110 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Spanish (Paraguay)
  • The binary likely contains encrypted or compressed data.
  • Looks up the external IP address
  • Authenticode signature is invalid
  • Network activity contains more than one unique useragent.
  • CAPE detected the OnlyLogger malware family
  • Attempts to modify proxy settings
  • Created network traffic indicative of malicious activity

Related domains:

hypecreator.top
iplogger.org
api.ip.sb
freegeoip.app

How to identify Zusy.408110?

File Info:

name: 1A34EA10DF63D750683A.mlw
path: /opt/CAPEv2/storage/binaries/39a1abb4c73aa504755ac605a4b2de275c550dafb5fe8d8637f0257ce3030075
crc32: 08B5F088
md5: 1a34ea10df63d750683a4f3e2161f743
sha1: ef4ec7c0fd688244ab348e9203e3d7b97bcf3e29
sha256: 39a1abb4c73aa504755ac605a4b2de275c550dafb5fe8d8637f0257ce3030075
sha512: 0d4de9559ce85036e8c0144b5e756c66318cd48f622751385aeadfd4d9f561c17db37739c88fe4678c631b347ddd8e3547394982cd62bf082f31c78f9662271b
ssdeep: 6144:/QpEG6nMkIW4s4tX2aAlwwMS/iAXf61Ze2MczBNkOU57U7jOt/9gtroH:YGGaHIDtKXMSa/vepczBNfUBft/EoH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19F84D010A7A0C03AF1B716F4897993B9A93E7EA16734A0CF52D426EA56356E0FC30717
sha3_384: d7c874c0a97221b7253811328c69f46a0aec1069ccef24058debc233cf8c0a741b504af2a9a251b352dd431150e7cdca
ep_bytes: 8bff558bece806030000e8110000005d
timestamp: 2020-12-27 19:32:35

Version Info:

0: [No Data]

Zusy.408110 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.1a34ea10df63d750
McAfee: Artemis!1A34EA10DF63
Cylance: Unsafe
K7AntiVirus: Trojan ( 0058a5a11 )
Alibaba: TrojanPSW:Win32/Azorult.63828cfb
K7GW: Trojan ( 0058a5a11 )
Cybereason: malicious.0fd688
Baidu: Win32.Trojan.Kryptik.jm
Cyren: W32/Kryptik.FQI.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNKJ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-PSW.Win32.Tepfer.gen
BitDefender: Gen:Variant.Zusy.408110
MicroWorld-eScan: Gen:Variant.Zusy.408110
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Zusy.408110
Emsisoft: Trojan.Crypt (A)
Comodo: TrojWare.Win32.Agent.gagtl@0
DrWeb: Trojan.DownLoader44.4993
TrendMicro: TROJ_GEN.R002C0RKN21
McAfee-GW-Edition: BehavesLike.Win32.Injector.fh
Sophos: Mal/Generic-R + Troj/Krypt-DY
Ikarus: Trojan.Agent
GData: Win32.Trojan.BSE.WS9D4D
Jiangmin: TrojanSpy.Stealer.igz
eGambit: Unsafe.AI_Score_95%
Avira: TR/Crypt.Agent.tcsmz
Kingsoft: Win32.PSWTroj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Zusy.D63A2E
Microsoft: Trojan:Win32/Azorult.RMA!MTB
AhnLab-V3: CoinMiner/Win.Glupteba.R452345
Acronis: suspicious
ALYac: Gen:Variant.Zusy.408110
MAX: malware (ai score=89)
VBA32: BScope.Trojan.Krypter
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: TROJ_GEN.R002C0RKN21
Rising: Malware.Obscure/Heur!1.A89F (CLASSIC)
Yandex: Trojan.GenKryptik!O/EY6FSJ2p0
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.FSC!tr
Webroot: W32.Trojan.Gen
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Zusy.408110?

Zusy.408110 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.