Zusy.408506 malicious file

Malware Removal

Zusy.408506 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.408506 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Spanish (Panama)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Network activity detected but not expressed in API logs
  • CAPE detected the RedLine malware family
  • Anomalous binary characteristics

Related domains:

crl.verisign.com (VeriSign's certificate revocation list host; contact with it is consistent with the binary's Authenticode signature being checked and is not malicious in itself)

How to identify Zusy.408506?

File Info:

name: 4BE66781F1AF5F1D6647.mlw
path: /opt/CAPEv2/storage/binaries/47c2d48fe27925a1ccdc8c29f7a527e2aef23600d75a034b2bc6f2b50f3c4846
crc32: E82D3588
md5: 4be66781f1af5f1d664731b4698753bd
sha1: e5dbe409a5ba3a4b7ed86f8ccba0f93c80d91ca8
sha256: 47c2d48fe27925a1ccdc8c29f7a527e2aef23600d75a034b2bc6f2b50f3c4846
sha512: dfa22247f2bc452e39917d0e709feefd57428d5015581cd75bbf24b9bec1d08d607ac2f9493dfa45b1c6c32538ca9558576d50b4ca406135991d3c79de06b384
ssdeep: 6144:JL20cqiwyaeRJl+VvATTp61Bzej2QjerJ7sCQW3:JS0ocqcV+Tp61BzeqBJ78W3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13784BF10ABA0C038F5B716F449BAD3B5B93F7EE1AB6490CB529126EE56756E0DC30307
sha3_384: 27c730937e358096cabcb33c5fb00709f8e54dc89958f5272bfc9f230dc80b90d20c3a2221921aa84f6863fa47d4bb0e
ep_bytes: 8bff558bece806030000e8110000005d
timestamp: 2021-01-27 11:52:17

Version Info:

0: [No Data]

Zusy.408506 is also known as (vendor: detection name):

Lionic: Trojan.Win32.Jaik.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.408506
FireEye: Generic.mg.4be66781f1af5f1d
McAfee: RDN/Generic.grp
Malwarebytes: Trojan.MalPack.GS
K7AntiVirus: Trojan ( 0058a5a11 )
BitDefender: Gen:Variant.Zusy.408506
K7GW: Trojan ( 0058a5a11 )
Baidu: Win32.Trojan.Kryptik.jm
Cyren: W32/Kryptik.FSC.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNKV
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.gen
Alibaba: Malware:Win32/km_24af8.None
Rising: Malware.Obscure/Heur!1.A89F (CLASSIC)
Ad-Aware: Gen:Variant.Zusy.408506
Sophos: ML/PE-A
DrWeb: Trojan.PWS.Steam.22509
TrendMicro: TROJ_GEN.R03FC0DKQ21
McAfee-GW-Edition: RDN/Generic.grp
Emsisoft: Gen:Variant.Zusy.408506 (B)
SentinelOne: Static AI – Malicious PE
eGambit: PE.Heur.InvalidSig
MAX: malware (ai score=85)
Microsoft: Trojan:Win32/Azorult.RMA!MTB
Gridinsoft: Ransom.Win32.Sabsik.sa
GData: Win32.Trojan.PSE.1YFAP3V
Cynet: Malicious (score: 100)
AhnLab-V3: Ransomware/Win.Stop.R452790
Acronis: suspicious
ALYac: Gen:Variant.Zusy.408506
VBA32: BScope.Trojan.Krypter
Cylance: Unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R03FC0DKQ21
Yandex: Trojan.Kryptik!PR+JnGL4oEc
Ikarus: Trojan.Agent
Fortinet: W32/PossibleThreat
AVG: Win32:BotX-gen [Trj]
Avast: Win32:BotX-gen [Trj]
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Zusy.408506?

Zusy.408506 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.