About “Zusy.426429” infection

Malware Removal

Zusy.426429 is flagged as malicious by most of the antivirus engines listed below; the detection names are largely generic (Kryptik, Staser, CrypterX, Wacatac), so "Zusy.426429" is a family label rather than a description of one specific payload. When the infection is active you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and risks damaging the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can Zusy.426429 do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Arabic (Qatar)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Created a service that was not started

How to identify Zusy.426429?

The indicators below come from the CAPE sandbox report. Note that the version resource claims the file is "DiskFresh by Puran Software", yet the report marks the Authenticode signature as invalid: the vendor strings have been borrowed from a legitimate product and should not be trusted. Match on the hashes, the entry-point bytes and the behaviour, not on the name.
File Info:

name: B3ACF18A8833120A3873.mlw
path: /opt/CAPEv2/storage/binaries/e09a400447524a66bb1195f1e2a9ae5d0a59ffcc218e7ee00dc40af69b9fa893
crc32: D5FD32DA
md5: b3acf18a8833120a3873182fe8ee43b3
sha1: 8c753f4ec1cff4102df2117bd37b6f0a61681c0c
sha256: e09a400447524a66bb1195f1e2a9ae5d0a59ffcc218e7ee00dc40af69b9fa893
sha512: 1610e4cd2f1f837a1b41d60e8a0c087ca362b397be50a457a4df962245062277496ddf3e1c885b386854a2388eec41d56985070dcc30907a8f0581f79cf28f5b
ssdeep: 49152:WAf81Jhez4eLN0jUf6WVzpPmen3n/ozenSwMG03e9wy:S+2j+XVF+e3ngzenSY03mL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E5E5C5A2B80A76CBD04E2B7C856BCF81E91D0BF952244916A85D74BEEDB3CC11587C1F
sha3_384: 04e952019bf24546bafc8ec112d9091c58cd3bc393d423f883ffb54f63031a238c6910cd21e8d91f012d59ab86fcad22
ep_bytes: 558bec6aff6828c64600685ca0460064
timestamp: 2022-06-09 17:27:09

Version Info:

CompanyName: Puran Software
FileDescription: DiskFresh by Puran Software
FileVersion: 1.2.0.21
InternalName: DiskFresh.exe
LegalCopyright:
OriginalFilename: DiskFresh.exe
ProductName: DiskFresh
ProductVersion: 1.2.0.21
Translation: 0x0409 0x04e4
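The following is an added triage script, not code from the original report or from GridinSoft. It hashes a suspect file against the MD5, SHA-1 and SHA-256 listed above and parses the PE32 header to recover the same static facts the report shows: compile timestamp, entry-point bytes and section names, flagging any section name a stock linker would not emit (the report's "unknown PE section name indicative of packing"). Only the hash and ep_bytes values come from the page; the sample PE built by `build_sample_pe()` is constructed for the demo and is not the real file.

```python
"""Static triage against the indicators listed on this page.

Added example (not code from the original report or from GridinSoft): hashes a
suspect file against the MD5/SHA-1/SHA-256 above and parses the PE32 header to
recover the facts the CAPE report shows (compile timestamp, entry-point bytes,
section names). Standard library only. The sample PE at the bottom is
constructed for the demo; only the hash and ep_bytes values come from the page.
"""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the "File Info" section above.
IOC_HASHES = {
    "md5": "b3acf18a8833120a3873182fe8ee43b3",
    "sha1": "8c753f4ec1cff4102df2117bd37b6f0a61681c0c",
    "sha256": "e09a400447524a66bb1195f1e2a9ae5d0a59ffcc218e7ee00dc40af69b9fa893",
}
IOC_EP_BYTES = bytes.fromhex("558bec6aff6828c64600685ca0460064")

# Section names a stock linker emits. The report flags "an unknown PE section
# name indicative of packing", so anything outside this set is worth a look.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".pdata", ".bss", ".tls", ".CRT"}


def hash_matches(data: bytes) -> dict:
    """Return {algo: True/False} for each IOC hash listed above."""
    return {algo: hashlib.new(algo, data).hexdigest() == ioc
            for algo, ioc in IOC_HASHES.items()}


def _rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset via the section table."""
    for _name, vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    return None


def pe_facts(data: bytes) -> dict:
    """Parse a PE32 image and return timestamp, section names and EP bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (the report's file type) is handled here")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, vsize, raw_ptr, raw_size))
    ep_off = _rva_to_offset(ep_rva, sections)
    ep_bytes = data[ep_off:ep_off + 16] if ep_off is not None else b""
    return {
        "machine": hex(machine),
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": [s[0] for s in sections],
        "unknown_sections": [s[0] for s in sections if s[0] not in COMMON_SECTIONS],
        "ep_bytes": ep_bytes.hex(),
        "ep_matches_ioc": ep_bytes == IOC_EP_BYTES,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 for the demo, NOT the real sample: it reuses the
    report's entry-point bytes and compile timestamp and carries one
    non-standard section so the packing check has something to flag."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1654795629, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                 # AddressOfEntryPoint

    def sect(name, vaddr, raw_ptr):
        return name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x200, vaddr, 0x200, raw_ptr, 0, 0, 0, 0, 0x60000020)

    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
               + sect(b".text", 0x1000, 0x200) + sect(b"UPX1", 0x2000, 0x400))
    return (headers.ljust(0x200, b"\0")
            + IOC_EP_BYTES.ljust(0x200, b"\0")      # .text: EP bytes at RVA 0x1000
            + bytes(0x200))                          # UPX1: empty


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("hash matches:", hash_matches(blob))
    print("pe facts:", pe_facts(blob))
```

Run it with a file path to triage a real suspect binary, or with no arguments to see it work on the constructed sample. A hash match is conclusive; a match on the entry-point bytes alone only tells you the file was built with the same compiler stub, so treat it as a lead, not a verdict. The timestamp is printed in UTC, matching the convention used in the report above.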

Zusy.426429 is also detected as (engine: detection name):

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Zusy.426429
FireEye: Generic.mg.b3acf18a8833120a
ALYac: Gen:Variant.Zusy.426429
Cylance: Unsafe
K7AntiVirus: Trojan ( 005821bc1 )
K7GW: Trojan ( 005821bc1 )
Cybereason: malicious.ec1cff
Arcabit: Trojan.Zusy.D681BD
BitDefenderTheta: Gen:NN.ZexaF.34742.!A0@aCZ1Reni
Cyren: W32/Kryptik.GRZ.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HMQG
APEX: Malicious
ClamAV: Win.Packed.Zusy-9951126-0
Kaspersky: HEUR:Trojan.Win32.Staser.gen
BitDefender: Gen:Variant.Zusy.426429
Avast: Win32:CrypterX-gen [Trj]
Tencent: Trojan.Win32.Staser.wd
Ad-Aware: Gen:Variant.Zusy.426429
McAfee-GW-Edition: BehavesLike.Win32.CoinMiner.vm
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Zusy.426429 (B)
Ikarus: Trojan.Win32.Crypt
Avira: TR/Crypt.Agent.ifgxt
MAX: malware (ai score=84)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Gen:Variant.Zusy.426429
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R499048
McAfee: Trojan-FTRG!B3ACF18A8833
Malwarebytes: Generic.Trojan.Malicious.DDS
Rising: Trojan.Generic@AI.100 (RDML:4iP873J1EZLQjbXaVGJRWQ)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HMQG!tr
AVG: Win32:CrypterX-gen [Trj]
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Zusy.426429?

Zusy.426429 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Click “Move to quarantine” for all detected items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.