
How to remove “Zusy.413698”?


Zusy.413698 is BitDefender's generic family name for this sample; most of the other engines listed below classify it as a Zbot (Zeus) password-stealing trojan, which is why it is treated as dangerous. When the infection is active, you may notice unknown processes in the Task Manager list. In that case, it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Zusy.413698 do?

  • SetUnhandledExceptionFilter detected (possible anti-debug): registering a top-level exception handler and then faulting on purpose is a classic way to tell whether a debugger is attached
  • Behavioural detection: executable code extraction (unpacking)
  • YARA rule detections observed from a process memory dump, dropped files or CAPE output
  • Creates RWX memory: allocates memory that is writable and executable at the same time, as unpackers and code injectors do
  • Possible date expiration check: exits too soon after reading the local time
  • Dynamic (imported) function loading detected: resolves APIs at run time instead of through the import table
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid

How to identify Zusy.413698?

File Info:

name: E32489E44458F6B0B888.mlw
path: /opt/CAPEv2/storage/binaries/7f2e22d4ac0869d8ff23ec3d47e49982910a8212c13ffcd10fd0e5e4c31a933c
crc32: 08AB56CD
md5: e32489e44458f6b0b888fb5a39b0bf6a
sha1: 8e8d2564ee4b8d2c2381f6567a250f163463d574
sha256: 7f2e22d4ac0869d8ff23ec3d47e49982910a8212c13ffcd10fd0e5e4c31a933c
sha512: e7343ce755039f2b13d8bab74b36eab4e4a384acd00dbaf8d461d622fda5b04bebacb89442e92f6340559d3f00b6a9cae7814ba18bb182289e3ef278ccd4e727
ssdeep: 3072:PZH+Nn351N+RlNkHK3w4KEJ7oc6TFbijsxKxjaR9VBi98exyNTWibSyeeXI5Xr:RHInbs173wfksKxOR5i/T04eXIZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16324CF13B210D07AC45AE532E375CDF309626CDDA275250B2FA83E797F727E0992934A
sha3_384: 9ab21e7ca436b611c6688cb5177371cd08fdee1484125f38c357c36fbf43207912705ed7df9a853509b32151211f140f
ep_bytes: e8aa290000e989feffff8bff558bec83
timestamp: 2011-12-13 19:23:31

Version Info:

CompanyName: LSI Systems
FileDescription: SQL Console
FileVersion: 3.0.1.5
InternalName: SQL Console
LegalCopyright: Copyright (C) 2006 - 2011 LSI Systems
OriginalFilename: SQL Client Program
ProductName: SQL Client Program
ProductVersion: 3.0.1.5
Translation: 0x0409 0x04b0
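The File Info hashes above and the sandbox observations in the previous section can be checked against a suspicious file without a sandbox. The script below is an added example written for this page; it is not GridinSoft's tool and not CAPE's output. It hashes a file and compares it with the md5/sha1/sha256 quoted above, reads the PE compile timestamp and the first 16 entry-point bytes, and flags sections that are both writable and executable or whose byte entropy suggests packed or encrypted data (the static counterparts of the "Creates RWX memory" and "encrypted or compressed data" observations). The PE it builds in memory is constructed for the demonstration: it reuses the page's timestamp and ep_bytes so the output can be compared with the File Info section, but its hashes will not match the real sample. The entropy cut-off of 7.0 is a common rule of thumb, not a value taken from the page.

```python
"""Static triage of a Windows PE against the indicators on this page.

Added example (not GridinSoft's or CAPE's code). build_sample_pe() produces a
constructed file so the script runs offline; real files are passed on argv.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Digests quoted in the File Info section (real indicators from the page).
KNOWN_HASHES = {
    "md5": "e32489e44458f6b0b888fb5a39b0bf6a",
    "sha1": "8e8d2564ee4b8d2c2381f6567a250f163463d574",
    "sha256": "7f2e22d4ac0869d8ff23ec3d47e49982910a8212c13ffcd10fd0e5e4c31a933c",
}
PAGE_EP_BYTES = bytes.fromhex("e8aa290000e989feffff8bff558bec83")  # ep_bytes from File Info

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
ENTROPY_THRESHOLD = 7.0  # rule-of-thumb cut-off for packed/encrypted sections (assumption)


def file_hashes(data: bytes) -> dict:
    """Same digest set the page lists (ssdeep and tlsh need extra libraries)."""
    return {n: hashlib.new(n, data).hexdigest()
            for n in ("md5", "sha1", "sha256", "sha512", "sha3_384")}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: close to 8.0 for compressed/encrypted data, low for padding or text."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Minimal PE header walk: compile timestamp, entry-point bytes and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i  # each IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]  # Characteristics
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": max(vsize, rawsize), "rawptr": rawptr,
                         "characteristics": chars, "entropy": shannon_entropy(raw)})
    ep_bytes = b""
    for s in sections:  # map the entry-point RVA back to a file offset
        if s["vaddr"] <= entry_rva < s["vaddr"] + s["vsize"]:
            file_off = s["rawptr"] + (entry_rva - s["vaddr"])
            ep_bytes = data[file_off:file_off + 16]
            break
    return {"timestamp": timestamp, "entry_rva": entry_rva, "ep_bytes": ep_bytes, "sections": sections}


def triage(data: bytes) -> dict:
    """Fields a responder compares against the File Info and behaviour lists above."""
    pe = parse_pe(data)
    digests = file_hashes(data)
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return {
        "ioc_match": any(digests[n] == v for n, v in KNOWN_HASHES.items()),
        "compiled": datetime.fromtimestamp(pe["timestamp"], timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": pe["ep_bytes"].hex(),
        "ep_matches_page": pe["ep_bytes"] == PAGE_EP_BYTES,
        "rwx_sections": [s["name"] for s in pe["sections"] if s["characteristics"] & rwx == rwx],
        "high_entropy_sections": [s["name"] for s in pe["sections"] if s["entropy"] > ENTROPY_THRESHOLD],
    }


def build_sample_pe(code: bytes, timestamp: int, section_flags: int) -> bytes:
    """Constructed single-section PE32 (headers plus one .text section, no imports)."""
    e_lfanew, opt_size, raw_ptr = 0x40, 0xE0, 0x200
    img = bytearray(raw_ptr + len(code))
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, e_lfanew + 4, 0x14C, 1, timestamp, 0, 0, opt_size, 0x102)
    opt = e_lfanew + 24
    struct.pack_into("<H", img, opt, 0x10B)        # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1000)  # AddressOfEntryPoint = start of .text
    struct.pack_into("<8sIIIIIIHHI", img, opt + opt_size, b".text", len(code), 0x1000,
                     len(code), raw_ptr, 0, 0, 0, 0, section_flags)
    img[raw_ptr:raw_ptr + len(code)] = code
    return bytes(img)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # triage a real file: python triage.py suspicious.exe
        print(triage(open(sys.argv[1], "rb").read()))
    else:  # constructed sample: page timestamp and ep_bytes, RWX .text, high-entropy body
        body = PAGE_EP_BYTES + bytes(range(256)) * 4
        print(triage(build_sample_pe(body, 1323804211, 0xE0000020)))
```

Run it against the real binary and the `compiled` field should read 2011-12-13 19:23:31 and `ep_bytes` should match the File Info line; an `ioc_match` of True means the file is byte-for-byte the sample described here, while a False with matching ep_bytes and a high-entropy RWX section points at a repacked sibling that the hash list alone would miss.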

Zusy.413698 also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.e32489e44458f6b0
CAT-QuickHeal: TrojanPWS.Zbot.Y
McAfee: PWS-Zbot.gen.nc
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 003c36381 )
Alibaba: TrojanSpy:Win32/Generic.dc90fb8b
K7GW: Trojan ( 003c36381 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Trojan.Win32.Generic.AVCA
Symantec: Packed.Generic.368
ESET-NOD32: Win32/Spy.Zbot.YW
APEX: Malicious
ClamAV: Win.Trojan.Zbot-51774
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.413698
NANO-Antivirus: Trojan.Win32.Zbot.gsjrj
ViRobot: Trojan.Win32.A.Zbot.229376.E
MicroWorld-eScan: Gen:Variant.Zusy.413698
Avast: Win32:Dropper-JMA [Trj]
Tencent: Malware.Win32.Gencirc.114925ba
Ad-Aware: Gen:Variant.Zusy.413698
Emsisoft: Gen:Variant.Zusy.413698 (B)
Comodo: TrojWare.Win32.Kryptik.ALYA@4uq37k
DrWeb: Trojan.PWS.Mailer.26
Zillya: Dropper.Injector.Win32.6294
TrendMicro: TROJ_FRS.0NA103BL20
McAfee-GW-Edition: BehavesLike.Win32.ZBot.dc
Sophos: Mal/Generic-R + Mal/Ransom-AL
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Zusy.413698
Jiangmin: TrojanSpy.Zbot.bkbr
Webroot: W32.Malware.Gen
Avira: TR/Crypt.XPACK.Gen5
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.131B18
Arcabit: Trojan.Zusy.D65002
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot
AhnLab-V3: Trojan/Win32.Agent.C146522
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34212.oq0@aeuNgJdc
ALYac: Gen:Variant.Zusy.413698
VBA32: TrojanSpy.Zbot
Malwarebytes: Malware.AI.4155945122
TrendMicro-HouseCall: TROJ_FRS.0NA103BL20
Rising: Spyware.Zbot!8.16B (CLOUD)
Yandex: Trojan.GenAsa!H46iKlVIogI
Ikarus: Trojan-Spy.Win32.Zbot
MaxSecure: Trojan.Malware.3406893.susgen
Fortinet: W32/Kryptik.HCLG!tr
AVG: Win32:Dropper-JMA [Trj]
Cybereason: malicious.44458f
Panda: Trj/pck_Noupack.a

How to remove Zusy.413698?

Zusy.413698 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
