
About “Zusy.433662” infection


Zusy.433662 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.433662 virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Attempts to identify installed analysis tools by a known file location

How to identify Zusy.433662?

File Info:

name: BC4325ACCFC2E5B2C743.mlw
path: /opt/CAPEv2/storage/binaries/0aa25aaa0746b06bb90378301bfa56add18a25bbe8b536a86967f2f27c67a0ff
crc32: 57107011
md5: bc4325accfc2e5b2c743e322aaee6d70
sha1: 4ac7c92985a5dfb57ffa746289aa7ff535765da1
sha256: 0aa25aaa0746b06bb90378301bfa56add18a25bbe8b536a86967f2f27c67a0ff
sha512: fe785b6ace3a964e389f0f402920b5b6a4d6e3ee83cd86f4d7a478705967c71187bf9ee8c2571015497039457cbfeb730555da3d62c84327669757aca4e1cef4
ssdeep: 98304:Xc5x0+GAwjFVo7NB8igfAVLo43xVPyCPU5Nxq+S7qKBPP9Q3ILfR1vnurHLQ56MN:2eHo7NBCfAV3xV1PK1ZDM3H
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16EA68D23B384943BC0772A3B48379654A93BBB612A258E5B37F81D4C8F36741793A747
sha3_384: 55136c64db6c7bf13bbb4ea5c1bc314d4d9ad6e58f6ac661cc20040d51335ce885e86d118f74e44467f52ce26511497f
ep_bytes: 558bec83c4f0b8d80fc200e814817dff
timestamp: 2022-07-20 12:11:25

Version Info:

FileDescription: Radeon
FileVersion: 1.0.0.0
ProgramID: Radeon
ProductName: Radeon
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

Zusy.433662 also known as:

MicroWorld-eScan: Gen:Variant.Zusy.433662
ALYac: Gen:Variant.Zusy.433662
VIPRE: Gen:Variant.Zusy.433662
K7AntiVirus: Trojan-Downloader ( 0056a18b1 )
K7GW: Trojan-Downloader ( 0056a18b1 )
Cyren: W32/Banload.FS.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanDownloader.Delf_AGen.R
ClamAV: Win.Packed.Generickdz-9951200-0
Kaspersky: HEUR:Trojan-Banker.Win32.BestaFera.gen
BitDefender: Gen:Variant.Zusy.433662
Avast: Win32:DropperX-gen [Drp]
Ad-Aware: Gen:Variant.Zusy.433662
McAfee-GW-Edition: BehavesLike.Win32.Dropper.th
FireEye: Gen:Variant.Zusy.433662
Sophos: Mal/Generic-S
GData: Gen:Variant.Zusy.433662
Avira: TR/Dldr.Delf_AGen.fxmld
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Dropper/Win.DropperX-gen.C5212828
McAfee: Artemis!BC4325ACCFC2
MAX: malware (ai score=86)
VBA32: BScope.Trojan.Tiggre
Ikarus: Trojan-Downloader.Win32.Delf
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Delf_AGen.R!tr.dldr
BitDefenderTheta: Gen:NN.ZelphiF.34806.@V0@aKdYBypU
AVG: Win32:DropperX-gen [Drp]
Panda: Trj/Genetic.gen

How to remove Zusy.433662?

Zusy.433662 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
