Categories: Malware

How to remove “Zusy.408110”?

The Zusy.408110 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Zusy.408110 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Spanish (Paraguay)
The binary likely contains encrypted or compressed data.
Looks up the external IP address
Authenticode signature is invalid
Network activity contains more than one unique useragent.
CAPE detected the OnlyLogger malware family
Attempts to modify proxy settings
Created network traffic indicative of malicious activity

Related domains:

hypecreator.top

iplogger.org

api.ip.sb

freegeoip.app

How to determine Zusy.408110?


File Info:
name: 1A34EA10DF63D750683A.mlwpath: /opt/CAPEv2/storage/binaries/39a1abb4c73aa504755ac605a4b2de275c550dafb5fe8d8637f0257ce3030075crc32: 08B5F088md5: 1a34ea10df63d750683a4f3e2161f743sha1: ef4ec7c0fd688244ab348e9203e3d7b97bcf3e29sha256: 39a1abb4c73aa504755ac605a4b2de275c550dafb5fe8d8637f0257ce3030075sha512: 0d4de9559ce85036e8c0144b5e756c66318cd48f622751385aeadfd4d9f561c17db37739c88fe4678c631b347ddd8e3547394982cd62bf082f31c78f9662271bssdeep: 6144:/QpEG6nMkIW4s4tX2aAlwwMS/iAXf61Ze2MczBNkOU57U7jOt/9gtroH:YGGaHIDtKXMSa/vepczBNfUBft/EoHtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T19F84D010A7A0C03AF1B716F4897993B9A93E7EA16734A0CF52D426EA56356E0FC30717sha3_384: d7c874c0a97221b7253811328c69f46a0aec1069ccef24058debc233cf8c0a741b504af2a9a251b352dd431150e7cdcaep_bytes: 8bff558bece806030000e8110000005dtimestamp: 2020-12-27 19:32:35
Version Info:
0: [No Data]

Zusy.408110 also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.1a34ea10df63d750
McAfee	Artemis!1A34EA10DF63
Cylance	Unsafe
K7AntiVirus	Trojan ( 0058a5a11 )
Alibaba	TrojanPSW:Win32/Azorult.63828cfb
K7GW	Trojan ( 0058a5a11 )
Cybereason	malicious.0fd688
Baidu	Win32.Trojan.Kryptik.jm
Cyren	W32/Kryptik.FQI.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HNKJ
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-PSW.Win32.Tepfer.gen
BitDefender	Gen:Variant.Zusy.408110
MicroWorld-eScan	Gen:Variant.Zusy.408110
Avast	Win32:Malware-gen
Ad-Aware	Gen:Variant.Zusy.408110
Emsisoft	Trojan.Crypt (A)
Comodo	TrojWare.Win32.Agent.gagtl@0
DrWeb	Trojan.DownLoader44.4993
TrendMicro	TROJ_GEN.R002C0RKN21
McAfee-GW-Edition	BehavesLike.Win32.Injector.fh
Sophos	Mal/Generic-R + Troj/Krypt-DY
Ikarus	Trojan.Agent
GData	Win32.Trojan.BSE.WS9D4D
Jiangmin	TrojanSpy.Stealer.igz
eGambit	Unsafe.AI_Score_95%
Avira	TR/Crypt.Agent.tcsmz
Kingsoft	Win32.PSWTroj.Undef.(kcloud)
Gridinsoft	Ransom.Win32.Sabsik.sa
Arcabit	Trojan.Zusy.D63A2E
Microsoft	Trojan:Win32/Azorult.RMA!MTB
AhnLab-V3	CoinMiner/Win.Glupteba.R452345
Acronis	suspicious
ALYac	Gen:Variant.Zusy.408110
MAX	malware (ai score=89)
VBA32	BScope.Trojan.Krypter
Malwarebytes	Trojan.MalPack.GS
TrendMicro-HouseCall	TROJ_GEN.R002C0RKN21
Rising	Malware.Obscure/Heur!1.A89F (CLASSIC)
Yandex	Trojan.GenKryptik!O/EY6FSJ2p0
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.FSC!tr
Webroot	W32.Trojan.Gen
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_90% (W)