What is “Zusy.427877”?

Zusy.427877 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.427877 virus do?

  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Attempts to identify installed analysis tools by a known file location
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Zusy.427877?

File Info:

name: 2A9E7EA9D062659A5CDF.mlw
path: /opt/CAPEv2/storage/binaries/b93f5f65b5b9b9d7008045102ee5a1904bcaa4d043eafba7af81e92c00b97e49
crc32: F387548C
md5: 2a9e7ea9d062659a5cdfde6a3b2bcdd2
sha1: c0219fb16baacb2f2ecff66ca431c54f7c8ed198
sha256: b93f5f65b5b9b9d7008045102ee5a1904bcaa4d043eafba7af81e92c00b97e49
sha512: 17c614ac0652b843eb23ac6ae98512ff483c2e690f8d4eb51b660af6a39a9e0213085f24aa0984ba4092d86fc480f64c86a79e7abf163aa8a6758aca7d15b6c1
ssdeep: 98304:dLNUsafs5U4pKLYsmsdz/L6P+49a5wCb:5NUs5QY4L6PC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T119567D13B2C4613AD0671B7A4837EB909D3F7B613E1A8C9B2BF40D8C4E359417A7A647
sha3_384: ca56097e396d0f1477ea735a348492fc143ea6feaf96c1dc41a97359b850ff7d215641ed023b297be7f7436a1c88b2e2
ep_bytes: 558bec83c4f0b8ec848d00e8743eb2ff
timestamp: 2022-06-27 03:15:27

Version Info:

FileDescription: 01541847178410854705801857780
FileVersion: 22.565.889.3
ProgramID: 01541847178410854705801857780
ProductName: 01541847178410854705801857780
ProductVersion: 22.565.889.3
Translation: 0x0409 0x04e4

Zusy.427877 also known as:

Lionic: Trojan.Win32.Zusy.4!c
MicroWorld-eScan: Gen:Variant.Zusy.427877
FireEye: Gen:Variant.Zusy.427877
ALYac: Gen:Variant.Zusy.427877
Cylance: Unsafe
VIPRE: Gen:Variant.Zusy.427877
K7AntiVirus: Spyware ( 005931e21 )
Alibaba: TrojanDownloader:Win32/Delf_AGen.112aeeae
K7GW: Spyware ( 005931e21 )
Cyren: W32/Banload.FS.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/TrojanDownloader.Delf_AGen.R
Paloalto: generic.ml
BitDefender: Gen:Variant.Zusy.427877
Avast: Win32:DropperX-gen [Drp]
Ad-Aware: Gen:Variant.Zusy.427877
Emsisoft: Gen:Variant.Zusy.427877 (B)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.th
Sophos: Mal/Generic-S
GData: Gen:Variant.Zusy.427877
Avira: TR/Dldr.Delf_AGen.juiav
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.720E
Arcabit: Trojan.Zusy.D68765
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Dropper/Win.Generic.R502285
McAfee: GenericRXTM-XM!2A9E7EA9D062
Malwarebytes: Trojan.Downloader
TrendMicro-HouseCall: TROJ_GEN.R03BH0CG622
Rising: Trojan.Generic@AI.100 (RDML:GC5Qd5yvkNv71jblWsH+2g)
Ikarus: Trojan-Downloader.Win32.Delf
MaxSecure: Trojan.Malware.185088259.susgen
Fortinet: W32/DelfAGen.R!tr.dldr
BitDefenderTheta: Gen:NN.ZelphiF.34786.@V0@aqUdL0lU
AVG: Win32:DropperX-gen [Drp]
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Zusy.427877?

Zusy.427877 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.