About “Zusy.417196” infection

Zusy.417196 is flagged as malicious by most antivirus engines (see the detection names below). While the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.417196 virus do?

The following indicators were raised by the CAPE sandbox on the sample described in the File Info section below. They are automated static and behavioural heuristics and signature hits from one sandbox run, not capabilities confirmed individually:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Serbian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Anomalous binary characteristics

How to identify Zusy.417196?

File Info:

name: 733D2DF73587E4BD9107.mlw
path: /opt/CAPEv2/storage/binaries/19f2ce2fa14fb93353ac9cfe8464ceca8e6684d04d39972770dab5caf85d500d
crc32: 6EF89CE2
md5: 733d2df73587e4bd9107cb14b50fa05d
sha1: e203ee253f4d0f6d055c3164573a3cee2d793e9a
sha256: 19f2ce2fa14fb93353ac9cfe8464ceca8e6684d04d39972770dab5caf85d500d
sha512: 0bad48bae43d950f9092bf46e8de277ca996420e98904c2d1f9a8a4f5624d72dca252d0556219dfa315c857afb7b221b16e48b4f1a820fe9174278cfd1227991
ssdeep: 12288:ERZdBcxEbpzn2iUd2HgmM7LO4qlY6R1tTWFm:+bpjHqi9R3TWU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10E94BE11BA90C035F1F712F859799268B93E7EE19B3050CF62D52AEA57346E4EC3230B
sha3_384: 804aff42cd5803e31692c6892410ff4eabd9064779a21fadcf2ef9eb2c1509dfc02d523343dce7f30b5c77b6cdc34981
ep_bytes: 8bff558bece8a68a0000e8110000005d
timestamp: 2020-10-20 21:22:09
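As an added example (not code from GridinSoft or from the CAPE sandbox), the following Python script checks a file on disk against the indicators listed above: it recomputes the crc32/md5/sha1/sha256 hashes and walks the PE headers by hand to read the compile timestamp and the first 16 bytes at the entry point. It assumes that CAPE's `timestamp` is the COFF TimeDateStamp rendered in UTC and that `ep_bytes` is the first 16 bytes at AddressOfEntryPoint; the ssdeep and TLSH values need third-party modules and are not compared. The `build_minimal_pe` helper produces a constructed, non-runnable PE for testing and is not the sample from the report.

```python
"""Static triage of a file against the indicators published above.

Added example for this page (not GridinSoft's or CAPE's own code), standard
library only. Assumptions: CAPE's `timestamp` is the COFF TimeDateStamp in
UTC, and `ep_bytes` is the first 16 bytes at AddressOfEntryPoint.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the "File Info" block above.
IOC = {
    "crc32": "6EF89CE2",
    "md5": "733d2df73587e4bd9107cb14b50fa05d",
    "sha1": "e203ee253f4d0f6d055c3164573a3cee2d793e9a",
    "sha256": "19f2ce2fa14fb93353ac9cfe8464ceca8e6684d04d39972770dab5caf85d500d",
    "ep_bytes": "8bff558bece8a68a0000e8110000005d",
    "timestamp": "2020-10-20 21:22:09",
}


def file_hashes(data: bytes) -> dict:
    """Recompute the hash indicators over the whole file content."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_entry_info(data: bytes, nbytes: int = 16) -> dict:
    """Read TimeDateStamp and the first nbytes at the entry point of a PE image,
    mapping the entry RVA to a file offset through the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, timestamp = struct.unpack_from("<HI", data, coff + 2)
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = opt + opt_size
    for i in range(num_sections):
        hdr = sections + 40 * i
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        if va <= ep_rva < va + max(vsize, raw_size):
            off = raw_ptr + (ep_rva - va)
            ep_bytes = data[off:off + nbytes].hex()
            break
    else:
        raise ValueError("entry point RVA is not backed by any section")
    stamp = datetime.fromtimestamp(timestamp, tz=timezone.utc)  # assumed UTC
    return {"ep_bytes": ep_bytes, "timestamp": stamp.strftime("%Y-%m-%d %H:%M:%S")}


def match_indicators(data: bytes, ioc: dict = IOC) -> dict:
    """Return {indicator: matched?} for every indicator that could be evaluated.
    Non-PE or truncated input still gets its hashes compared; PE fields are omitted."""
    found = file_hashes(data)
    try:
        found.update(pe_entry_info(data))
    except (ValueError, struct.error):
        pass
    return {k: found[k].lower() == v.lower() for k, v in ioc.items() if k in found}


def build_minimal_pe(ep_code: bytes, timestamp: int) -> bytes:
    """Constructed test input: a minimal, non-runnable PE32 with one .text section
    whose entry point begins with ep_code. It is not the sample from the report."""
    e_lfanew, opt_size = 0x40, 224
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)           # Magic: PE32
    text_rva, raw_ptr, raw_size = 0x1000, 0x200, 0x200
    struct.pack_into("<I", opt, 16, text_rva)        # AddressOfEntryPoint
    sect = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", raw_size, text_rva,
                       raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sect
    return headers.ljust(raw_ptr, b"\0") + ep_code.ljust(raw_size, b"\xCC")


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        for name, hit in match_indicators(fh.read()).items():
            print(f"{name:9s} {'MATCH' if hit else 'no match'}")
```

A full hash match identifies this exact file; a match on only `ep_bytes` and `timestamp` is weaker, since packers and crypters (several engines name the sample Kryptik/AceCrypter) reuse the same entry stub and build stamp across many payloads, so treat those two as pivots for further analysis rather than as a verdict.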

Version Info:

Translations: 0x0025 0x0305

Zusy.417196 is the generic heuristic name BitDefender assigns (Gen:Variant.Zusy.*), and the same string is reported by MicroWorld-eScan, Ad-Aware and ALYac. Other engines classify the same file differently: as a packed or crypted Trojan (Kryptik, AceCrypter, Crypt), as a credential stealer (Trojan-Spy/Stealer, Azorult) or under unrelated family names, so the label identifies this sample rather than a single malware family. The file is detected under the following names (vendor: detection name):

Bkav: W32.AIDetect.malware2
tehtris: Generic.Malware
Cynet: Malicious (score: 100)
FireEye: Generic.mg.733d2df73587e4bd
McAfee: Packed-GEE!733D2DF73587
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: TrojanSpy:Win32/Azorult.4ed14d9d
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.53f4d0
Cyren: W32/Kryptik.GAJ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HOUG
Baidu: Win32.Trojan.Kryptik.jm
TrendMicro-HouseCall: TROJ_FRS.0NA103CG22
Paloalto: generic.ml
ClamAV: Win.Dropper.Generickdz-9939781-0
Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender: Gen:Variant.Zusy.417196
MicroWorld-eScan: Gen:Variant.Zusy.417196
Avast: Win32:AceCrypter-O [Cryp]
Tencent: Trojan-Spy.Win32.Stealer.za
Ad-Aware: Gen:Variant.Zusy.417196
Sophos: Mal/Generic-S + Troj/Krypt-FV
Comodo: Malware@#146r09fl0anri
DrWeb: Trojan.Siggen17.25768
Zillya: Trojan.Kryptik.Win32.3717447
TrendMicro: TROJ_FRS.0NA103CG22
McAfee-GW-Edition: BehavesLike.Win32.Generic.gc
SentinelOne: Static AI – Malicious PE
Emsisoft: Trojan.Crypt (A)
APEX: Malicious
GData: Win32.Trojan.Kryptik.RW
Jiangmin: TrojanSpy.Stealer.qop
Webroot: W32.Trojan.Gen
Avira: TR/AD.GenSHCode.aoujq
Kingsoft: Win32.Hack.Undef.(kcloud)
Microsoft: Trojan:Win32/Azorult.RT!MTB
AhnLab-V3: Trojan/Win.MalPE.R477866
Acronis: suspicious
VBA32: Backdoor.Mokes
ALYac: Gen:Variant.Zusy.417196
MAX: malware (ai score=86)
Malwarebytes: Trojan.MalPack.GS
Rising: Backdoor.Tofsee!8.1E9 (CLOUD)
Yandex: Trojan.Kryptik!tl5H1JiQJ6k
Ikarus: Trojan-Ransom.StopCrypt
Fortinet: W32/Kryptik.HOUG!tr
AVG: Win32:AceCrypter-O [Cryp]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Zusy.417196?

Zusy.417196 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset and click “Reset”.
  • Restart your computer.

Because several engines classify this sample as a credential stealer (Trojan-Spy/Stealer, Azorult; CAPE reports RedLine), treat any passwords saved in browsers or entered on the machine while it was infected as compromised and change them from a clean device after the cleanup.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
