Zusy.413585 malicious file

Zusy.413585 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.413585 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Hungarian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Enumerates services, possibly for anti-virtualization
  • Installs itself for autorun at Windows startup
  • CAPE detected the Tofsee malware family
  • Creates a copy of itself
  • Created a service that was not started
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Zusy.413585?

File Info:

name: C6E98DDAC29E544D6074.mlw
path: /opt/CAPEv2/storage/binaries/7e3a54eb1b86210c4566d6b90ef313f7f63146e7727234396fd7f27b200941c7
crc32: 884B50DE
md5: c6e98ddac29e544d607482953f13294e
sha1: 40fd5fddb2a4e47cc19db3bf5700a082d8b89531
sha256: 7e3a54eb1b86210c4566d6b90ef313f7f63146e7727234396fd7f27b200941c7
sha512: 2e39a9c164a6ca844ec5a88056ffcbabe9ac225e54690e7681abbdd943730b8ce3743febf509ce6b1284665fc898abdd3530bb3137fbcfaba4ead3bad2741fbd
ssdeep: 24576:grxyf/XVkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkwkH:Oxyfv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T170C64AC077E294B9E2E27A7099755F90963BBC02EB3056DB3237370E1B756D09931B22
sha3_384: 3af301d1327abc057dc69cdcfc7a19caa6a05da000b12b41bf5288896f612f0e8a7ca28ee02463bd9e1f54fa096bd057
ep_bytes: e885310000e979feffff8bff558bec8b
timestamp: 2021-05-02 06:11:08

Version Info:

InternationalName: bomgvioci.iwa
Copyright: Copyrighz (C) 2021, fudkort
ProjectVersion: 3.14.72.77
Translation: 0x0129 0x07bc

Zusy.413585 also known as:

Bkav: W32.AIDetect.malware1
Cynet: Malicious (score: 100)
FireEye: Generic.mg.c6e98ddac29e544d
CAT-QuickHeal: Trojan.RaccryptPMF.S25811312
ALYac: Gen:Variant.Zusy.413585
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.3667454
Sangfor: Trojan.Win32.Save.a
K7GW: Trojan ( 0058c5671 )
K7AntiVirus: Trojan ( 0058c5671 )
Cyren: W32/Kryptik.FWV.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNVD
APEX: Malicious
ClamAV: Win.Dropper.Lockbit-9917808-0
Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender: Gen:Variant.Zusy.413585
MicroWorld-eScan: Gen:Variant.Zusy.413585
Avast: Win32:CrypterX-gen [Trj]
Ad-Aware: Gen:Variant.Zusy.413585
Sophos: ML/PE-A + Mal/Agent-AWV
DrWeb: Trojan.Siggen16.20244
TrendMicro: Mal_Tofsee
McAfee-GW-Edition: BehavesLike.Win32.Packed.wh
Emsisoft: Gen:Variant.Zusy.413585 (B)
Ikarus: Trojan.Win32.Crypt
Jiangmin: TrojanSpy.Stealer.mke
Avira: TR/Crypt.EPACK.Gen2
Antiy-AVL: Trojan/Generic.ASMalwS.35047A5
Microsoft: Ransom:Win32/StopCrypt.MZD!MTB
ZoneAlarm: HEUR:Trojan-Spy.Win32.Stealer.gen
GData: Win32.Trojan.BSE.1YP9VDC
AhnLab-V3: Infostealer/Win.Raccoon.R461263
Acronis: suspicious
McAfee: Lockbit-FSWW!C6E98DDAC29E
MAX: malware (ai score=85)
VBA32: BScope.Trojan.Convagent
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: Mal_Tofsee
Rising: Spyware.Stealer!8.3090 (RDMK:cmRtazqJDr1a6aT8HOzAq74GcP11)
Yandex: Trojan.Kryptik!KxYT7pYN6e8
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Kryptik.HOCG!tr
BitDefenderTheta: Gen:NN.ZexaF.34182.@xW@aChNWonK
AVG: Win32:CrypterX-gen [Trj]
Cybereason: malicious.db2a4e
Panda: Trj/GdSda.A

How to remove Zusy.413585?

Zusy.413585 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.