About “Zusy.413908” infection

Zusy.413908 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.413908 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the RedLine malware family
  • Anomalous binary characteristics

How to identify Zusy.413908?

File Info:

name: 859282D8CE186546821B.mlw
path: /opt/CAPEv2/storage/binaries/d5b403f9e90e425e2d1ee907f82f4621ca734e9d365a61de73952b7dc0447e06
crc32: A30C336D
md5: 859282d8ce186546821b3e6f930f3374
sha1: c40edefece181f94e634c734bdf12a35fc9512a2
sha256: d5b403f9e90e425e2d1ee907f82f4621ca734e9d365a61de73952b7dc0447e06
sha512: 21db53d6e74423927913abc1e1f3a710e09cc3802293301ac0eb30948dcbd56ca533dcef0a91a4b05503e4dfc241a67da7e64137169bbc4068e72ba901e298f0
ssdeep: 12288:ampPe7WnID6NuKZgCUbtRwBwVxkZd/6mDCYnjgJq+XDL+LnYgzq+sk8k8k8k:PpP1aOuKZTUTb6xtsXDL+LjzqeFFF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13CE59B1974DC50C6C82E40B1A2A6C7F7E6EDF5704F043DBE46A429E9C23A09FA5F153A
sha3_384: f3e46f676950644fac674d55310a186bab4af87b938adf772835023a3f3cfbeb0d17232ae53eb199b2ff66cabcb48869
ep_bytes: 558bec6aff68f811400068f488470064
timestamp: 2022-01-28 14:58:46

Version Info:

0: [No Data]

Zusy.413908 is also known as (vendor: detection name):

  • Bkav: W32.AIDetect.malware1
  • Lionic: Trojan.Win32.Stealer.l!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Zusy.413908
  • FireEye: Generic.mg.859282d8ce186546
  • McAfee: GenericRXAA-AA!859282D8CE18
  • Cylance: Unsafe
  • Zillya: Downloader.Deyma.Win32.463
  • Sangfor: Spyware.Win32.Stealer.bblv
  • K7AntiVirus: Riskware ( 00584baa1 )
  • K7GW: Riskware ( 00584baa1 )
  • BitDefenderTheta: Gen:NN.ZexaE.34212.4kZ@ay8Oxol
  • Symantec: Packed.Generic.497
  • ESET-NOD32: a variant of Generik.BDEHWDD
  • TrendMicro-HouseCall: TROJ_GEN.R002H0CB622
  • Paloalto: generic.ml
  • Kaspersky: Trojan-Spy.Win32.Stealer.bblv
  • BitDefender: Gen:Variant.Zusy.413908
  • Avast: Win32:BotX-gen [Trj]
  • Rising: Backdoor.Mokes!1.CECE (CLOUD)
  • Ad-Aware: Gen:Variant.Zusy.413908
  • Sophos: Mal/Generic-S
  • McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.vz
  • Emsisoft: Gen:Variant.Zusy.413908 (B)
  • Ikarus: Trojan.Win32.Generic
  • GData: Win32.Trojan.PSE.FIJN9A
  • Webroot: W32.Trojan.Gen
  • Antiy-AVL: Trojan/Generic.ASMalwS.351F811
  • Gridinsoft: Ransom.Win32.Sabsik.sa
  • ZoneAlarm: Trojan-Spy.Win32.Stealer.bblv
  • Microsoft: Trojan:Win32/Sabsik!ml
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win.Generic.R470891
  • ALYac: Gen:Variant.Zusy.413908
  • MAX: malware (ai score=84)
  • VBA32: BScope.Trojan.Sabsik.FL
  • Malwarebytes: Trojan.Amadey
  • APEX: Malicious
  • Tencent: Malware.Win32.Gencirc.11e7d953
  • Yandex: Trojan.Agent!K0BbO1QMM5Y
  • SentinelOne: Static AI – Suspicious PE
  • MaxSecure: Trojan.Malware.139252099.susgen
  • Fortinet: W32/PossibleThreat
  • AVG: Win32:BotX-gen [Trj]
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_70% (W)

How to remove Zusy.413908?

Zusy.413908 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
