About “Zusy.423887” infection

Malware Removal

Zusy.423887 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Zusy.423887 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • A process attempted to delay the analysis task.
  • Attempts to connect to a dead IP:Port (36 unique times)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Sniffs keystrokes
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config

How to identify Zusy.423887?

File Info:

name: 39DF714EAA64F661BCA4.mlw
path: /opt/CAPEv2/storage/binaries/a77c3ec1313f98e10e003575141d2b4abfc14a962cc7d9d92fa7ad9a0ad86578
crc32: 5BA588A5
md5: 39df714eaa64f661bca4b623e8e62293
sha1: de7db9c73363509567827e28f23c38306494798a
sha256: a77c3ec1313f98e10e003575141d2b4abfc14a962cc7d9d92fa7ad9a0ad86578
sha512: 7e79f747a724fc65e1fbac830cfa0d4c273c32120c6ff64c304cb1f71d2db67aa7e8e54b11753f5ad713338d6c30e345270144af3878c491c6146b7eeabbff79
ssdeep: 196608:crk24uHetMiZ4BfJ773bWbwnOhTPMFLOyomFHKnPe:sk2FHet8ZWbLhTPMFt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13F769F3BE9785016D2D201B3CE68722DE1BE7F1D1F1627DF2AA836FD1E791911628C12
sha3_384: 13d96bebcc731841e5cfa3122af940ceb5fba28a13c621f2c363a1315011d99ad81a38d7c482fba4faa425f0f22be182
ep_bytes: e85d9c0000e97ffeffff3b0d90846200
timestamp: 2022-06-04 09:32:37

Version Info:

CompanyName: TODO:
FileDescription: AWSClient
FileVersion: 1.0.0.1
InternalName: AWSClient.exe
LegalCopyright: TODO: (C) 。 保留所有权利。
OriginalFilename: AWSClient.exe
ProductName: TODO:
ProductVersion: 1.0.0.1
Translation: 0x0804 0x04b0

Zusy.423887 is also known as (vendor: detection name):

Lionic: Hacktool.Win32.GameHack.3!c
MicroWorld-eScan: Gen:Variant.Zusy.423887
FireEye: Gen:Variant.Zusy.423887
ALYac: Gen:Variant.Zusy.423887
Cylance: Unsafe
VIPRE: Gen:Variant.Zusy.423887
Sangfor: Trojan.Win32.Agent.Vfrw
K7AntiVirus: Trojan ( 005929e21 )
Alibaba: HackTool:Win32/GenKryptik.5da39458
K7GW: Trojan ( 005929e21 )
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/GenKryptik.FUDT
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:HackTool.Win32.GameHack.gen
BitDefender: Gen:Variant.Zusy.423887
Avast: Win32:CVE-2012-0152-A [Expl]
Ad-Aware: Gen:Variant.Zusy.423887
Emsisoft: Gen:Variant.Zusy.423887 (B)
Zillya: Trojan.GenKryptik.Win32.144536
McAfee-GW-Edition: BehavesLike.Win32.PUP.wc
Sophos: Generic PUA NO (PUA)
GData: Gen:Variant.Zusy.423887
Jiangmin: HackTool.Gamehack.agsl
Avira: TR/Kryptik.wxuka
MAX: malware (ai score=87)
Kingsoft: Win32.HackTool.Undef.(kcloud)
Arcabit: Trojan.Zusy.D677CF
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Generic.R494660
McAfee: Artemis!39DF714EAA64
Malwarebytes: Trojan.Crypt
TrendMicro-HouseCall: TROJ_GEN.R002H0CFU22
Rising: HackTool.GameHack!8.59E (CLOUD)
Ikarus: Trojan.Win32.Krypt
Fortinet: W32/PossibleThreat
BitDefenderTheta: Gen:NN.ZexaF.34742.@x1@auGhwDmb
AVG: Win32:CVE-2012-0152-A [Expl]

How to remove Zusy.423887?

Zusy.423887 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.