How to remove “Zusy.410169”?

Zusy.410169 is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.410169 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Zusy.410169?

File Info:

name: 8C93459115B1393E655A.mlw
path: /opt/CAPEv2/storage/binaries/2e36236981de6a9f019ffd52d3bad2cda648c35f206bba480406982b488424c6
crc32: 7C1B1F93
md5: 8c93459115b1393e655ab1f708e95916
sha1: d240c699f2a4cb5e1bd6dc277e2980e0dab0e5cd
sha256: 2e36236981de6a9f019ffd52d3bad2cda648c35f206bba480406982b488424c6
sha512: 084544ea72a1c850a31368e2a0d860a2aafe3c088ea266efcad7579ce769fb66b359b0fe3e96492e4baf8314ef9fc67f3dc380c81a474a9aa819cbb57dd8748c
ssdeep: 6144:ydDJm70EztR3+3NQ3X70id0LGgmkLLiQWPyQrXI5pviURwmXRZEPkyR:qEhRO0sGgmk3iQWafFomXRZEPjR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AB947C213790D432C26631354E57D379A6BEAD309E36438F2BE47B7D5E301929E28B1E
sha3_384: d023473cd054ef8b097708b135fc994f20c7d28a8ffd15c1d2971a90a956608b8779055090805756a6b7c1024b144a4f
ep_bytes: e8aa4a0000e979feffff3b0d98a24400
timestamp: 2021-12-10 11:27:01

Version Info:

CompanyName: TODO:
FileDescription: TODO:
FileVersion: 1.0.0.1
InternalName: ms.exe
LegalCopyright: TODO: (C) 。保留所有权利。
OriginalFilename: ms.exe
ProductName: TODO:
ProductVersion: 1.0.0.1
Translation: 0x0804 0x03a8

Zusy.410169 is also known as (vendor: detection name):

Lionic: Trojan.Win32.Lotok.m!c
DrWeb: Trojan.MulDrop19.14121
MicroWorld-eScan: Gen:Variant.Zusy.410169
FireEye: Generic.mg.8c93459115b1393e
ALYac: Gen:Variant.Zusy.410169
Cylance: Unsafe
K7AntiVirus: Trojan ( 005256ff1 )
Alibaba: Backdoor:Win32/Lotok.36bf5a60
K7GW: Trojan ( 005256ff1 )
Cybereason: malicious.115b13
BitDefenderTheta: Gen:NN.ZexaF.34084.zu0@au6NqLmj
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Farfli.CML
TrendMicro-HouseCall: TROJ_GEN.R002H0CLB21
Kaspersky: HEUR:Backdoor.Win32.Lotok.gen
BitDefender: Gen:Variant.Zusy.410169
Avast: FileRepMalware
Tencent: Malware.Win32.Gencirc.11dbde9e
Ad-Aware: Gen:Variant.Zusy.410169
Emsisoft: Gen:Variant.Zusy.410169 (B)
McAfee-GW-Edition: RDN/Generic BackDoor
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Farfli
GData: Gen:Variant.Zusy.410169
Jiangmin: Backdoor.Lotok.age
Avira: TR/Farfli.toikn
Antiy-AVL: Trojan/Generic.ASMalwS.34E923D
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Generic.C4840084
McAfee: RDN/Generic BackDoor
MAX: malware (ai score=80)
VBA32: BScope.Trojan.SvcHorse.01643
Malwarebytes: Backdoor.Farfli
APEX: Malicious
Yandex: Trojan.Farfli!0xSnybAqlgM
Fortinet: W32/Farfli.CML!tr
AVG: FileRepMalware
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Zusy.410169?

Zusy.410169 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
