Malware

Zusy.419750 (B) removal

Malware Removal

Zusy.419750 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.419750 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system

How to identify Zusy.419750 (B)?

File Info:

name: D29665BE7D95B81A3443.mlw
path: /opt/CAPEv2/storage/binaries/611b1e1bf7590f0694d4c548f77967c46834e49a0a01c7e0de8ed5664e6faa32
crc32: 261AA6D3
md5: d29665be7d95b81a34438e477a3f3032
sha1: e78780068944c5836279d947115133592fd890f0
sha256: 611b1e1bf7590f0694d4c548f77967c46834e49a0a01c7e0de8ed5664e6faa32
sha512: ead60c8a6ee1034724cc3c9f9f53a48f7914bf3a3a98be07c25aa24c199bf032e18311909b47713f67c0c3ac399d7aa07c3c343746a82b7f3a9e4603c9f3579f
ssdeep: 6144:YaPIWVeTdJKsLxgcSNDQL5Q9VuwLmh0kdH371oHVCvvf:YuTs1gBpQL5kmh0671o1C/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T123841926714198A6DD7258791A65BBFEAA2DB8704B940FF7F7C24AA404F03C11B74F13
sha3_384: 7f461abea01f1f77fbad40e427bbbc778eeceebc5814b7c33f9d1a6f8d0c0444686485841aa8295117c648601c8451f3
ep_bytes: e855040000e980feffff558bec5156ff
timestamp: 2016-04-17 12:23:00

Version Info:

0: [No Data]

Zusy.419750 (B) is also known as (vendor: detection name):

Lionic: Trojan.Win32.Seven.trW4
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.419750
FireEye: Gen:Variant.Zusy.419750
CAT-QuickHeal: Ransom.SevenRI.S26100727
McAfee: Trojan-FUIB!D29665BE7D95
Cylance: Unsafe
K7AntiVirus: Trojan ( 004e659f1 )
K7GW: Trojan ( 004e659f1 )
Cybereason: malicious.e7d95b
VirIT: Trojan.Win32.Generic.IRM
Cyren: W32/S-af015cae!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Filecoder.7ev3n.B
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Ransomware.Seven-6515188-0
Kaspersky: Trojan-Ransom.Win32.Seven.a
BitDefender: Gen:Variant.Zusy.419750
NANO-Antivirus: Trojan.Win32.Seven.fodnlr
Avast: Win32:Malware-gen
Tencent: Trojan.Win32.Seven.xa
Ad-Aware: Gen:Variant.Zusy.419750
F-Secure: Trojan.TR/FileCoder.AM
DrWeb: Trojan.Encoder.34771
Zillya: Trojan.Seven.Win32.5
TrendMicro: Ransom.Win32.SEVENCRYPT.SMYXCEB
McAfee-GW-Edition: Trojan-FUIB!D29665BE7D95
Emsisoft: Gen:Variant.Zusy.419750 (B)
SentinelOne: Static AI – Suspicious PE
GData: Win32.Trojan.PSE.1TBTWF6
Jiangmin: Trojan.Seven.a
Avira: TR/FileCoder.AM
MAX: malware (ai score=86)
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Zusy.D667A6
ViRobot: Trojan.Win32.7ev3n.397312
ZoneAlarm: Trojan-Ransom.Win32.Seven.a
Microsoft: Ransom:Win32/Seven.MAK!MTB
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Dynamer.R469018
VBA32: TrojanRansom.Seven
ALYac: Gen:Variant.Zusy.419750
TACHYON: Ransom/W32.Seven.402608
Malwarebytes: Malware.AI.544974446
Rising: Ransom.Seven!8.6B9F (CLOUD)
Ikarus: Trojan.Win32.Filecoder
MaxSecure: Trojan.Malware.73970650.susgen
Fortinet: W32/GenericKD.3973!tr
BitDefenderTheta: AI:Packer.225F13D41F
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Zusy.419750 (B)?

Zusy.419750 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.