Zusy.412748 information

Malware Removal

Zusy.412748 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.412748 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Enumerates services, possibly for anti-virtualization
  • Installs itself for autorun at Windows startup
  • CAPE detected the Tofsee malware family
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Zusy.412748?

File Info:

name: F356D0770EFE85577737.mlw
path: /opt/CAPEv2/storage/binaries/73b750ce8cdc0964daed3b24f682f3216d296db119b4682ff7a724e04350217b
crc32: 70745D24
md5: f356d0770efe855777378433f63a728c
sha1: b9bf77472f5b7405c379439cbcbf294ea98caa72
sha256: 73b750ce8cdc0964daed3b24f682f3216d296db119b4682ff7a724e04350217b
sha512: 50e55a67aad66c7815322b8ba6bfc7311b60da53a81d4fd4841f6fd0fb104fbc2baedd4ce92564135a42da7f5dbd89bd250385f472d3bb0e8e98c6cd149d6ed4
ssdeep: 98304:pRbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh:pR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CFF66BB17688ED95E4D52730482BBFE419BCFC8598954383B1E83B4F797738025A226F
sha3_384: 40a4da7bcc63534832fd6aab7535c56c3c2a1d386fe577680ae48de004d6437bd9e268266c908119e9e38e0cbf21191f
ep_bytes: e897660000e978feffffcccccccccccc
timestamp: 2021-06-23 04:20:56

Version Info:

FileVersion: 21.29.120.69
InternationalName: bomgvioci.iwa
Copyright: Copyrighz (C) 2021, fudkorta
ProjectVersion: 1.10.70.57
Translation: 0x0129 0x07b2

Zusy.412748 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.412748
FireEye: Generic.mg.f356d0770efe8557
McAfee: GenericRXAA-AA!F356D0770EFE
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.3675825
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Cyren: W32/Qbot.FK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HOAT
APEX: Malicious
ClamAV: Win.Trojan.Generic-9935605-0
Kaspersky: HEUR:Trojan.Win32.Agent.gen
BitDefender: Gen:Variant.Zusy.412748
Avast: Win32:AceCrypter-B [Cryp]
Ad-Aware: Gen:Variant.Zusy.412748
Emsisoft: Trojan.Crypt (A)
DrWeb: Trojan.Siggen16.36385
TrendMicro: Mal_Tofsee
McAfee-GW-Edition: BehavesLike.Win32.RansomWannaCry.vh
Sophos: ML/PE-A + Mal/Agent-AWV
Ikarus: Trojan.Win32.Crypt
Jiangmin: Trojan.Stop.ctn
Antiy-AVL: Trojan/Generic.ASMalwS.350F30B
Microsoft: Ransom:Win32/StopCrypt.PAO!MTB
GData: Win32.Trojan.BSE.12FNXDY
Cynet: Malicious (score: 100)
AhnLab-V3: Packed/Win.GEE.R466166
BitDefenderTheta: Gen:NN.ZexaF.34182.@t0@aijIbdge
ALYac: Gen:Variant.Zusy.412748
MAX: malware (ai score=87)
VBA32: BScope.TrojanSpy.Stealer
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: Mal_Tofsee
Rising: Trojan.Kryptik!1.DB29 (CLASSIC)
Yandex: Trojan.Kryptik!LYvh+YcFuPc
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/GenKryptik.ERHN!tr
AVG: Win32:AceCrypter-B [Cryp]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Zusy.412748?

Zusy.412748 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.