Categories: Malware

Zusy.412709 removal

The Zusy.412709 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Zusy.412709 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
Drops a binary and executes it
Unconventionial language used in binary resources: Serbian
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Enumerates services, possibly for anti-virtualization
Installs itself for autorun at Windows startup
Installs itself for autorun at Windows startup
CAPE detected the Tofsee malware family
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

How to determine Zusy.412709?


File Info:
name: D3F1052BBD8FFA25610B.mlwpath: /opt/CAPEv2/storage/binaries/26eb17c5803c05aae04cfc87828cf3f298dabb6eaeec1a7357cd12908ae40dedcrc32: 7B71D8D5md5: d3f1052bbd8ffa25610b6370bd0e6dcbsha1: 26e68b4be1c0d064f153e5a0749810f111d54931sha256: 26eb17c5803c05aae04cfc87828cf3f298dabb6eaeec1a7357cd12908ae40dedsha512: 6da0481e801ac86f35090be57942e0ce83ff1ae0de5e713845b418b7bfc7b54682163584ee9645b77e6f8785045736b06c45860c6186ab8ff475dbc57a829b19ssdeep: 24576:0veOKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3:02type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T14DB67DB1BA949540E4962730892BDFF05AADFC746C50138331E43B8EFE7B740295A66Fsha3_384: 4b1155b41c8dfea1a752588c28b8b612bd477aa2ac5e7f483f7c20d108a6a043633b34d5cad46c55dab47176140355caep_bytes: e80c500000e979feffff832544c14300timestamp: 2021-07-24 08:13:20
Version Info:
FileVersion: 21.29.120.69InternationalName: bomgvioci.iwaCopyright: Copyrighz (C) 2021, fudkortaProjectVersion: 1.10.70.57Translations: 0x0121 0x03ca

Zusy.412709 also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen16.37089
MicroWorld-eScan	Gen:Variant.Zusy.412709
FireEye	Generic.mg.d3f1052bbd8ffa25
McAfee	Packed-GEE!D3F1052BBD8F
Malwarebytes	Trojan.MalPack.GS
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0058d5cd1 )
BitDefender	Gen:Variant.Zusy.412709
K7GW	Trojan ( 0058d5cd1 )
Cybereason	malicious.be1c0d
BitDefenderTheta	Gen:NN.ZexaF.34182.@t0@ayMCNypG
Cyren	W32/Qbot.FK.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HOBF
ClamAV	Win.Malware.Generic-9936948-0
Kaspersky	HEUR:Trojan-Ransom.Win32.Stop.gen
Rising	Ransom.Stop!8.10810 (TFE:dGZlOgWuuorQ6sKSKw)
Ad-Aware	Gen:Variant.Zusy.412709
Emsisoft	Trojan.Crypt (A)
Zillya	Trojan.Kryptik.Win32.3679125
McAfee-GW-Edition	BehavesLike.Win32.RansomWannaCry.vh
Sophos	ML/PE-A + Mal/Agent-AWV
Ikarus	Trojan-Ransom.StopCrypt
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Generic.ASMalwS.350FB2A
Microsoft	Ransom:Win32/StopCrypt.PAQ!MTB
GData	Win32.Trojan.BSE.12FNXDY
Cynet	Malicious (score: 100)
AhnLab-V3	Packed/Win.GEE.R466702
Acronis	suspicious
VBA32	BScope.Trojan.Convagent
Cylance	Unsafe
Panda	Trj/GdSda.A
APEX	Malicious
Yandex	Trojan.Kryptik!3p1PQ2ym3fA
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/Kryptik.HOCG!tr
AVG	Win32:AceCrypter-B [Cryp]
Avast	Win32:AceCrypter-B [Cryp]
CrowdStrike	win/malicious_confidence_70% (D)