Malware

Should I remove “Zusy.427140”?

Malware Removal

The Zusy.427140 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Zusy.427140 virus can do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid

How to determine Zusy.427140?


File Info:

name: 313877E03BD0FB914086.mlw
path: /opt/CAPEv2/storage/binaries/00c91e484880a9b1b654c62747fcd82a7b1556e56ebc1f0a2f679e8672414662
crc32: 43F5E5E0
md5: 313877e03bd0fb914086d8168521ec02
sha1: 94c926bbd91fdef780562d880b35f0f930639756
sha256: 00c91e484880a9b1b654c62747fcd82a7b1556e56ebc1f0a2f679e8672414662
sha512: 62f30b8b8e11b77a5730a4e9a62ed3658a84fc9eee80d7b53196218616e62b6f179eab40b6613e85188678256873a26a3d22a934d7a2d4a24ab812ff16fe1aed
ssdeep: 196608:wYXj06Z6bcKvcTpQsWENzdIIPdygK0x8FhyJ5jGPWHv01BhIi8qRH:ZX+bciMz2Abx8SJ5jMa07hIi8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10EB633A74239014EE0F9C97CC237BDA632F6037B5A81FC7D54EBBAD525195E2E203942
sha3_384: 250be2ea8c0379db1e1d3c3415510312cc7be139f9b7f07f6f6b7629ec9285c350a568aba782058082bfef4d7a1b20a1
ep_bytes: 68be610a39e807a00e0068001adb9ae8
timestamp: 2011-07-03 09:05:04

Version Info:

0: [No Data]

Zusy.427140 also known as:

BkavW32.AIDetect.malware2
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Zusy.427140
FireEyeGeneric.mg.313877e03bd0fb91
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 7000001c1 )
K7GWTrojan ( 7000001c1 )
Cybereasonmalicious.bd91fd
tehtrisGeneric.Malware
ESET-NOD32a variant of Win32/Packed.VMProtect.RI
APEXMalicious
BitDefenderGen:Variant.Zusy.427140
Ad-AwareGen:Variant.Zusy.427140
SophosMal/VMProtBad-A
McAfee-GW-EditionBehavesLike.Win32.Generic.vc
Trapminesuspicious.low.ml.score
EmsisoftGen:Variant.Zusy.427140 (B)
SentinelOneStatic AI – Malicious PE
GDataGen:Variant.Zusy.427140
AviraHEUR/AGEN.1239896
MAXmalware (ai score=82)
ArcabitTrojan.Zusy.D68484
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 100)
Acronissuspicious
ALYacGen:Variant.Zusy.427140
MalwarebytesMalware.Heuristic.1003
RisingTrojan.Generic@AI.100 (RDML:Ehm6t8kZSh09S0f7XVIoew)
YandexTrojan.GenAsa!N2loz4QbOAA
MaxSecureTrojan.Malware.300983.susgen
BitDefenderThetaGen:NN.ZexaF.34742.@BW@aeqAnTe
CrowdStrikewin/malicious_confidence_70% (D)

How to remove Zusy.427140?

Zusy.427140 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment