About “Zusy.423445” infection

Zusy.423445 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.423445 virus do?

The following behaviours were reported by the CAPE sandbox analysis of the sample (these are automated signature hits, not confirmed capabilities):

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the Quantum malware family
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Zusy.423445?

File Info:

name: 173ECF40F055F7B244A7.mlw
path: /opt/CAPEv2/storage/binaries/cd510a24d701d6cc0f1f253dab8c5d7df4c2449f8b579df0554e0c8d23c64c93
crc32: 566126BD
md5: 173ecf40f055f7b244a7a31362f6e9ea
sha1: f09c7d931fcc49feaeaec90b59dd6c4e09e11de0
sha256: cd510a24d701d6cc0f1f253dab8c5d7df4c2449f8b579df0554e0c8d23c64c93
sha512: 8c3dd463397baa57c45a898123e65500e66dd548444d9ee0c9df153451633b005d5f6584d20f9a058575b2a09b9b3a3172b5c9101d04a7dc3ac97534df57d80d
ssdeep: 196608:ms2RcaIYzDu39LH5OfKueyPPzUmeSACbfmkUzBdGea:msNmzDuZUfKueyPPzUmedC6kU1dGe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T133D67D22F284A03BC0671A364C3B9754683BBB613E2A9C5B3BF45D4C5F356817926F87
sha3_384: efc3cb50ccdee2b8387ae861fbd027d096c1be1827d1d89520d25f82e462c3c2e2cc29ddf9bec09e1d87c205e4f45555
ep_bytes: 558bec83c4f0b81ccfec00e8143c52ff
timestamp: 2022-05-05 02:55:07

Version Info:

CompanyName: Razzing HEAD Display Folling
FileDescription: Razzing HEAD Display Folling
FileVersion: 44.76.8754.32
InternalName: Razzing HEAD Display Folling
LegalCopyright: Razzing HEAD Copyright (C)
LegalTrademarks: Razzing HEAD Copyright (C)
OriginalFilename: Razzing HEAD Display Folling
ProgramID: Razzing HEAD Display Folling
ProductName: Razzing HEAD Display Folling
ProductVersion: 44.76.8754.32
Comments: Razzing HEAD Display Folling
Translation: 0x0409 0x04e4

Zusy.423445 also known as (vendor: detection name):

  • MicroWorld-eScan: Gen:Variant.Fragtor.85381
  • McAfee: Artemis!173ECF40F055
  • K7AntiVirus: Trojan-Downloader ( 005923a71 )
  • K7GW: Trojan-Downloader ( 005923a71 )
  • ESET-NOD32: a variant of Win32/TrojanDownloader.Banload.YTX
  • BitDefender: Gen:Variant.Zusy.423445
  • Avast: Win32:DropperX-gen [Drp]
  • Ad-Aware: Gen:Variant.Zusy.423445
  • Emsisoft: Gen:Variant.Fragtor.85381 (B)
  • McAfee-GW-Edition: BehavesLike.Win32.BadFile.rh
  • FireEye: Gen:Variant.Fragtor.85381
  • Avira: TR/Dldr.Banload.pigrm
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Arcabit: Trojan.Fragtor.D14D85
  • GData: Gen:Variant.Fragtor.85381
  • Cynet: Malicious (score: 99)
  • ALYac: Gen:Variant.Fragtor.85381
  • MAX: malware (ai score=81)
  • Rising: Spyware.Delf!8.12D (TFE:dGZlOgRdypZZ+0MGTg)
  • Ikarus: Trojan-Downloader.Win32.Banload
  • Fortinet: W32/Banload.YTX!tr
  • BitDefenderTheta: Gen:NN.ZelphiF.34638.@V0@aKFwt2pO
  • AVG: Win32:DropperX-gen [Drp]

How to remove Zusy.423445?

Zusy.423445 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.