Should I remove “Zusy.413706”?

Zusy.413706 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.413706 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Performs HTTP requests potentially not found in PCAP.
  • Starts servers listening on 0.0.0.0:18561, :0, 127.0.0.1:30862
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Installs a hook procedure to monitor for mouse events
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Steals private information from local Internet browsers
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Detects Bochs through the presence of a registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Attempted to write directly to a physical drive
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Harvests cookies for information gathering
  • Harvests credentials from local FTP client software
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Collects information to fingerprint the system

How to identify Zusy.413706?

File Info:

name: E74CFEBB76685DEDFF2F.mlw
path: /opt/CAPEv2/storage/binaries/85364918c65d930c840a175e85d0e39cfe63d7a614b110cbe4439f54c8555fec
crc32: EBFCEB18
md5: e74cfebb76685dedff2f8a482dbf3337
sha1: d7f6a07e526e5697520dceaeb3ab964fc091fd42
sha256: 85364918c65d930c840a175e85d0e39cfe63d7a614b110cbe4439f54c8555fec
sha512: 6cfb5ac2f61448b250ff56ca37766ab9c5bb073792c649ba062b3fea7b2cebfcea92193d590ef9f5e2e065db12cffa6fcf0b69b8f5444e5d68e89a324e4868f1
ssdeep: 6144:1xBgWlYaVlHcvpIAOuY5BohWFHl/98BpcTlBWgoJG4Yp+B10D8W8m:1x+WrV9cvO32hWRl/Qp8lBWY4Y+10A5m
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10674BF2272405462C4F2263C58E37936892BEC7C0D36498632BC39DEEE796D774AB3D5
sha3_384: 1c28ac7fd8ab70f940c26f7592702d8d672090821cd36f50061eb0f060593f9caa3614589c1c7b2e22ef83804d34f358
ep_bytes: e8d93b0000e989feffffc7017c624100
timestamp: 2013-04-10 10:36:52

Version Info:

CompanyName: MicroDev Solutions
FileDescription: ODBC Diagnostics Provider
FileVersion: 8.3.3.1
InternalName: diagprov
LegalCopyright: Copyright (C) 2006-2012 - MicroDev Solutions
OriginalFilename: diagprov
ProductName: ODBC Diagnostics Provider
ProductVersion: 8.3.3.1
Translation: 0x1009 0x04b0

Zusy.413706 is also known as (vendor: detection name):

  • Bkav: W32.AIDetect.malware2
  • Lionic: Trojan.Win32.Zbot.mbi2
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.PWS.Panda.2977
  • MicroWorld-eScan: Gen:Variant.Zusy.413706
  • FireEye: Generic.mg.e74cfebb76685ded
  • CAT-QuickHeal: Trojanpws.Zbot.26902
  • McAfee: PWS-Zbot-FAPI!E74CFEBB7668
  • Cylance: Unsafe
  • Zillya: Trojan.Kryptik.Win32.884713
  • Sangfor: Trojan.Win32.Kryptik.AYWC
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Alibaba: TrojanPSW:Win32/Bulta.b48f8728
  • K7GW: Trojan ( 0055dd191 )
  • K7AntiVirus: Trojan ( 0055dd191 )
  • BitDefenderTheta: Gen:NN.ZexaF.34212.wq0@a0M5Dmnk
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Kryptik.AYWC
  • TrendMicro-HouseCall: TSPY_ZBOT.SML0
  • Paloalto: generic.ml
  • Cynet: Malicious (score: 100)
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Gen:Variant.Zusy.413706
  • NANO-Antivirus: Trojan.Win32.Zbot.crcoqv
  • Avast: Win32:LockScreen-WZ [Trj]
  • Rising: Trojan.Kryptik!8.8 (CLOUD)
  • Ad-Aware: Gen:Variant.Zusy.413706
  • Sophos: ML/PE-A + Mal/EncPk-AKK
  • Comodo: Malware@#1s6iqgipdkz6l
  • VIPRE: Trojan.Win32.Reveton.a (v)
  • TrendMicro: TSPY_ZBOT.SML0
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
  • Emsisoft: Gen:Variant.Zusy.413706 (B)
  • Ikarus: Trojan-Ransom.Foreign
  • GData: Gen:Variant.Zusy.413706
  • Jiangmin: TrojanSpy.Zbot.drzx
  • Webroot: Trojan.Dropper.Gen
  • Avira: TR/Crypt.XPACK.Gen7
  • MAX: malware (ai score=100)
  • Antiy-AVL: Trojan/Generic.ASMalwS.1841858
  • Arcabit: Trojan.Zusy.D6500A
  • ZoneAlarm: HEUR:Trojan.Win32.Generic
  • Microsoft: PWS:Win32/Zbot!CI
  • AhnLab-V3: Spyware/Win32.Zbot.R62657
  • Acronis: suspicious
  • ALYac: Gen:Variant.Zusy.413706
  • VBA32: BScope.Backdoor.Androm
  • APEX: Malicious
  • Tencent: Malware.Win32.Gencirc.114bf636
  • Yandex: Trojan.GenAsa!TsZVQYA9134
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Kryptik.BA!tr
  • AVG: Win32:LockScreen-WZ [Trj]
  • Panda: Trj/Genetic.gen

How to remove Zusy.413706?

Zusy.413706 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.