Zusy.430238 (file analysis)

Zusy.430238 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What Zusy.430238 virus can do?

  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump, dropped files, or CAPE

How to determine Zusy.430238?

File Info:

name: 101FB2FA533E0F29DFB6.mlw
path: /opt/CAPEv2/storage/binaries/8620e9e9156c747b1fd6d96ebdebb1bb617ebe4f72c9303b313219c031bb663f
crc32: B4634492
md5: 101fb2fa533e0f29dfb6ce67edc594f0
sha1: 7f77c9d796e015bfd4d3056dcef479e40ad95286
sha256: 8620e9e9156c747b1fd6d96ebdebb1bb617ebe4f72c9303b313219c031bb663f
sha512: 41702fbb06601b8c9921aff1da517466fd2cc0b29746232a0f8fe85c76edb488d9a8329c2637813df50a2b80bf0675f0b1f0d899f1484305cce84e529315aa27
ssdeep: 196608:UHfzU+iSPPbxNsgIh15zaiFH24vHRT9eN70VNKu8dDBs:CiSPPtN+T5zDWZN7zns
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T190763311A6E1E0F1C61819F42D5A7BBBA9B94B460F18EFC357B4ED1E2D321C0A733259
sha3_384: 2e4c39e1eaa66fdb66bf2511ce73cae33c7468f4cf643e20f56533a32cddcc03460844676c251783344d55ff1102dc11
ep_bytes: 558bec6aff68580bab00689ce3440064
timestamp: 2012-05-06 02:08:14

Version Info:

FileVersion: 1.0.0.0
FileDescription: 易语言程序
ProductName: 易语言程序
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Zusy.430238 also known as:

CyrenCloud: W32/Trojan.GRW.gen!Eldorado
Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.lvQ7
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Zusy.430238
FireEye: Generic.mg.101fb2fa533e0f29
Skyhigh: BehavesLike.Win32.Generic.vc
McAfee: Artemis!101FB2FA533E
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Generic.Win32.1821564
Sangfor: Trojan.Win32.Agent.V3iz
K7AntiVirus: Trojan ( 005246d51 )
Alibaba: Trojan:Win32/Inject.b19e8034
K7GW: Unwanted-Program ( 0056626f1 )
Cybereason: malicious.796e01
Arcabit: Trojan.Zusy.D6909E
BitDefenderTheta: Gen:NN.ZexaF.36608.@t0@ayIHWbib
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.430238
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Zusy.430238
Sophos: Mal/Generic-S
F-Secure: Trojan:W32/DelfInject.R
VIPRE: Gen:Variant.Zusy.430238
TrendMicro: TROJ_GEN.R002C0WIO23
Trapmine: suspicious.low.ml.score
Emsisoft: Application.Generic (A)
Ikarus: Trojan.Win32.Inject
Varist: W32/Trojan.GRW.gen!Eldorado
Antiy-AVL: Trojan/Win32.FlyStudio.a
Kingsoft: Win32.Trojan.Generic.a
Xcitium: Worm.Win32.Dropper.RA@1qraug
Microsoft: Trojan:Win32/Emotet!ml
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Win32.Application.PSE.1OV7PVV
Google: Detected
ALYac: Gen:Variant.Zusy.430238
MAX: malware (ai score=89)
VBA32: BScope.TrojanPSW.Fareit
Cylance: unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0WIO23
Rising: Trojan.Generic@AI.100 (RDML:po/Om3blAM/yOpSK8R9KrQ)
Yandex: Trojan.Pasta.Gen.1
SentinelOne: Static AI – Malicious PE
MaxSecure: Dropper.Dinwod.frindll
Fortinet: W32/CoinMiner.PHP!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Zusy.430238?

Zusy.430238 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.