Zusy.408253 removal instruction

Malware Removal

Zusy.408253 is flagged as malicious by most of the antivirus engines listed under “also known as” below. While the infection is active you may notice unfamiliar processes in the Task Manager list. If so, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.408253 virus do?

The behaviours below were recorded by a CAPE sandbox run of the sample (see the storage path under File Info). They are generic packer and anti-analysis traits rather than a specific payload, which is why most vendors classify the file as a generic trojan:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Unconventional language used in binary resources: Korean (consistent with the 0x0412 translation in the version info below)
  • Authenticode signature is invalid

How to identify Zusy.408253?

File Info:

name: 64395C80C69A8BE0A957.mlw
path: /opt/CAPEv2/storage/binaries/513aadf0df04e2eb7225a5342750c45aa5d3f3d15d60b5bff23c0fdc4e25ce89
crc32: 61002BCA
md5: 64395c80c69a8be0a957271432764782
sha1: 7f4cbc585cf15d61ea75e7bec22797603376ac89
sha256: 513aadf0df04e2eb7225a5342750c45aa5d3f3d15d60b5bff23c0fdc4e25ce89
sha512: 805a57c1bccb893c57e47058cf18d0e1776f31e1136dc147639a0fff1495fed27b6a5ba9d515e4d45faab99e39d911f11d015476453582e41141aa95247dcc51
ssdeep: 6144:Cga47qsA5osL8zhfo0Ni+jerdbeen0kFv5IcLShI5Vl:SpL2loSi+ydbeki6SGr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19584B2D376818C36FD5331FECA76829D67AB6D115A2101C366833A0DFAF13927A25E43
sha3_384: 22f8edb18a80b1d7645c18419cbcef40f8edf0ac517e80098d60ab5caeadadc525318a5a6ba850ffdfa0a53a4ddbcc96
ep_bytes: e8e5a50000e916feffff5064ff350000
timestamp: 2021-12-07 08:32:51

Version Info:

FileDescription: PackingTool MFC ?? ????
FileVersion: 1, 0, 0, 1
InternalName: PackingTool
LegalCopyright: Copyright (C) 2003
OriginalFilename: PackingTool.EXE
ProductName: PackingTool ?? ????
ProductVersion: 1, 0, 0, 1
Translation: 0x0412 0x04b0
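The following script is an added example, not part of the original page or of any vendor's tooling. It shows how a practitioner would check a suspect file against the indicators above without third-party libraries: it compares the file's MD5/SHA-1/SHA-256 with the File Info hashes, reads the PE compile timestamp and section flags (a static approximation of the sandbox's “Creates RWX memory” finding, which actually refers to runtime allocations), and decodes the `Translation: 0x0412 0x04b0` pair from the version info. The minimal PE image it builds is constructed for demonstration and is assumed to be a non-runnable stub; the page's timestamp is assumed to be UTC.

```python
"""Static triage of a suspected Zusy.408253 sample (added example, stdlib only)."""
import hashlib
import struct
from datetime import datetime, timezone

# Hashes copied from the File Info section of the page.
KNOWN_HASHES = {
    "md5": "64395c80c69a8be0a957271432764782",
    "sha1": "7f4cbc585cf15d61ea75e7bec22797603376ac89",
    "sha256": "513aadf0df04e2eb7225a5342750c45aa5d3f3d15d60b5bff23c0fdc4e25ce89",
}
# Compile timestamp from the page, assumed to be UTC.
PAGE_TIMESTAMP = datetime(2021, 12, 7, 8, 32, 51, tzinfo=timezone.utc)

# IMAGE_SECTION_HEADER.Characteristics bits (PE/COFF specification).
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

# Primary language IDs (low 10 bits of a Windows LANGID); small subset.
PRIMARY_LANGS = {0x04: "Chinese", 0x09: "English", 0x11: "Japanese", 0x12: "Korean", 0x19: "Russian"}


def hash_file_bytes(data: bytes) -> dict:
    """Compute the same digests the page lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def matches_known_sample(data: bytes) -> bool:
    """True only if every listed digest matches (one hash alone is enough in practice)."""
    return hash_file_bytes(data) == KNOWN_HASHES


def parse_pe(data: bytes) -> dict:
    """Read machine, compile timestamp and section characteristics from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    sect_off = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = sect_off + i * 40  # each IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        characteristics = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name, characteristics))
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc),
        "sections": sections,
    }


def decode_translation(langid: int, codepage: int) -> tuple:
    """Decode a VarFileInfo Translation pair such as 0x0412 0x04b0."""
    primary = langid & 0x3FF
    lang = PRIMARY_LANGS.get(primary, f"unknown (0x{primary:02x})")
    cp = "UTF-16LE (1200)" if codepage == 1200 else str(codepage)
    return lang, cp


def triage(data: bytes) -> list:
    """Return human-readable findings for a file; empty list means nothing matched."""
    findings = []
    if matches_known_sample(data):
        findings.append("hashes match the Zusy.408253 sample")
    pe = parse_pe(data)
    if pe["timestamp"] == PAGE_TIMESTAMP:
        findings.append("compile timestamp matches the sample")
    for name, flags in pe["sections"]:
        # Static check only: the sandbox's "Creates RWX memory" is about VirtualAlloc at
        # runtime, so an unpacker with a normal .text section will not trip this.
        if flags & RWX == RWX:
            findings.append(f"section {name} is mapped RWX")
    return findings


def build_sample_pe(stamp: datetime, section_flags: int) -> bytes:
    """Constructed, non-runnable PE32 stub used only to exercise the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = struct.pack("<H", 0x10B) + b"\0" * (224 - 2)  # PE32 magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, 1, int(stamp.timestamp()), 0, 0, len(opt), 0x0102)
    sect = b".text".ljust(8, b"\0") + struct.pack("<IIIIIIHHI", 0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, section_flags)
    return dos + b"PE\0\0" + coff + opt + sect


if __name__ == "__main__":
    sample = build_sample_pe(PAGE_TIMESTAMP, RWX)
    print(triage(sample))
    print(decode_translation(0x0412, 0x04B0))
```

Run it against a real file with `triage(open(path, "rb").read())`; a hash match is conclusive, while the timestamp and RWX checks are only corroborating signals and should be combined with the vendor detections listed below.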

Zusy.408253 also known as:

Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Gen:Variant.Zusy.408253
FireEye: Gen:Variant.Zusy.408253
McAfee: Artemis!64395C80C69A
Alibaba: Trojan:Win32/Generic.e21483a3
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.408253
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.11dafe44
TrendMicro: TROJ_GEN.R002C0WLA21
McAfee-GW-Edition: Artemis
Emsisoft: Gen:Variant.Zusy.408253 (B)
GData: Gen:Variant.Zusy.408253
Jiangmin: Trojan.Generic.hdobb
Arcabit: Trojan.Zusy.D63ABD
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Trojan/Win.Generic.C4788490
MAX: malware (ai score=85)
TrendMicro-HouseCall: TROJ_GEN.R002C0WLA21
Rising: Trojan.Generic@ML.97 (RDML:WvkMQu3Sq4PIPmsuhR599A)
Yandex: Trojan.Agent!pacHch1n9SA
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A

How to remove Zusy.408253?

Zusy.408253 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.