What is “Zusy.408468”?

Malware Removal

Zusy.408468 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.408468 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Network activity contains more than one unique useragent.
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Zusy.408468?

File Info:

name: 41B5163057AEA8F36C38.mlw
path: /opt/CAPEv2/storage/binaries/d2144740a63140549bcae09c5280b1c59d9980252884e0ff022f3dec8508819c
crc32: 69459504
md5: 41b5163057aea8f36c38f5bd43f462e1
sha1: c18660052b5baf79100b0374f024aa19aa85261f
sha256: d2144740a63140549bcae09c5280b1c59d9980252884e0ff022f3dec8508819c
sha512: db13c88b6ddcf6ed6a6daef19ebe16790ba41bae0df224e2eda841c1b91c703f1ba2f3899ef891e6a35ecb1e666cd7f32adfa7382c875a8460764716e4ec3bfd
ssdeep: 98304:J/S1OeXeevv2R52xjkpSlnI2VaBC3FLOAkGkzdnEVomFHKnPG:J/un2RKBI2VaB4FLOyomFHKnPG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D206C0317D895079D4631232CB9D73F9A1AEBDB0273602A7719C3E2E7F316825939923
sha3_384: 0cffd40d93183caa8d74b1eb783595dd6f19fce09e849c922a5bc6d833ff8477ae9c705476b1e744e07fc973e72bf45a
ep_bytes: e8c4930000e97ffeffff3b0d30f15e00
timestamp: 2019-11-15 01:32:06

Version Info:

CompanyName: Slide material template
FileDescription: Slide material template
FileVersion: 33.2.2.0
InternalName: pptSoft.exe
LegalCopyright: Copyright(c) 2019 Slide material template Co., Ltd.
OriginalFilename: pptSoft.exe
ProductName: Slide material template
ProductVersion: 33.2.2.0
Translation: 0x0804 0x04b0

Zusy.408468 also known as:

  • Lionic: Riskware.Win32.YXdown.1!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Zusy.408468
  • FireEye: Gen:Variant.Zusy.408468
  • ALYac: Gen:Variant.Zusy.408468
  • Cylance: Unsafe
  • Zillya: Tool.YouXun.Win32.1468
  • Sangfor: PUP.Win32.YXdown.vho
  • CrowdStrike: win/grayware_confidence_60% (W)
  • Alibaba: Downloader:Win32/YXdown.29e67f2a
  • K7GW: Riskware ( 0053170d1 )
  • K7AntiVirus: Riskware ( 0053170d1 )
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/RiskWare.YouXun.S
  • Kaspersky: not-a-virus:HEUR:Downloader.Win32.YXdown.vho
  • BitDefender: Gen:Variant.Zusy.408468
  • Avast: Win32:MiscX-gen [PUP]
  • Emsisoft: Gen:Variant.Zusy.408468 (B)
  • TrendMicro: TROJ_GEN.R002C0WKR21
  • McAfee-GW-Edition: BehavesLike.Win32.Dropper.wh
  • Sophos: Generic PUA MB (PUA)
  • Jiangmin: Downloader.YXdown.fq
  • Antiy-AVL: Trojan/Generic.ASMalwS.350E612
  • Microsoft: Program:Win32/Wacapew.C!ml
  • ViRobot: Adware.Youxun.4002304.A
  • ZoneAlarm: not-a-virus:HEUR:Downloader.Win32.YXdown.vho
  • GData: Gen:Variant.Zusy.408468
  • Cynet: Malicious (score: 100)
  • McAfee: GenericRXAA-AA!41B5163057AE
  • MAX: malware (ai score=89)
  • VBA32: BScope.Trojan.Downloader
  • Malwarebytes: Malware.AI.2783458727
  • TrendMicro-HouseCall: TROJ_GEN.R002C0WKR21
  • Rising: Adware.YouXun!1.D190 (CLOUD)
  • Yandex: PUA.Downloader!dW4TDyduosQ
  • MaxSecure: Trojan.Malware.74702802.susgen
  • Fortinet: Riskware/YouXun
  • BitDefenderTheta: Gen:NN.ZexaE.34182.0×0@aCqUiylb
  • AVG: Win32:MiscX-gen [PUP]
  • Panda: Trj/GdSda.A

How to remove Zusy.408468?

Zusy.408468 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.