Should I remove “Zusy.434303”?

Zusy.434303 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.434303 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Guard page use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • A process sent information about the computer to a remote location.
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Zusy.434303?

File Info:

name: F70588D3A48A04D733BB.mlw
path: /opt/CAPEv2/storage/binaries/8589faf1f0f3ad53c0ea057ee9ac5a3be9c2dfba56503325c0ae9a77b63461f8
crc32: D2E7D373
md5: f70588d3a48a04d733bb65ff1e64c956
sha1: c819a853fec64340f6f7ef784b0098024331c1c9
sha256: 8589faf1f0f3ad53c0ea057ee9ac5a3be9c2dfba56503325c0ae9a77b63461f8
sha512: b6003d03f94bc292caa0f00faa9fc7c9b879003a828a46a6523fac8bc993ddac8265b288dfe3dd948594d4f348eb8977825d07139756aaf3c1bc83eed7c341b8
ssdeep: 6144:+pt+CGBw10eqhLoOB1ujD+BQw/UXRVWBIL:+pt+IDqOK3IRV3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T173446C217351C43AD9A3257289FEC7BAA979A5304F2561C3B7D41B3E9F702D1EA3420E
sha3_384: a36531097afd07a3b4e9dc232a9a104cd35c08d7bdcd01d94f51fbdd8e1b99cbf568752d63e17ef06dc4bb7f0ef7fed6
ep_bytes: e8daa80000e978feffff5064ff350000
timestamp: 2012-09-04 06:16:10

Version Info:

CompanyName: Windows Application
FileDescription: Windows Application
FileVersion: 5, 5, 0, 1
InternalName: winhost.exe
LegalCopyright: Copyright (C) 2012
OriginalFilename: winhost.exe
ProductName: winhost
ProductVersion: 1, 11, 0, 11
Translation: 0x0409 0x04b0

Zusy.434303 is also known as (vendor: detection name):

Lionic: Trojan.Win32.HangOver.4!c
MicroWorld-eScan: Gen:Variant.Zusy.434303
FireEye: Generic.mg.f70588d3a48a04d7
ALYac: Gen:Variant.Zusy.434303
Cylance: Unsafe
Zillya: Downloader.Agent.Win32.313975
Sangfor: Downloader.Win32.Agent.Vxjh
K7AntiVirus: Trojan-Downloader ( 004d50041 )
Alibaba: TrojanDownloader:Win32/HangOver.abc19c06
K7GW: Trojan-Downloader ( 004d50041 )
Cybereason: malicious.3a48a0
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDownloader.Agent.RNV
Paloalto: generic.ml
ClamAV: Win.Trojan.Mikey-9958102-0
Kaspersky: HEUR:Trojan.Win32.HangOver.gen
BitDefender: Gen:Variant.Zusy.434303
NANO-Antivirus: Trojan.Win32.KeyLogger.ehuyqy
Avast: Win32:DropperX-gen [Drp]
Ad-Aware: Gen:Variant.Zusy.434303
Emsisoft: Gen:Variant.Zusy.434303 (B)
DrWeb: Trojan.DownLoader7.4662
VIPRE: Gen:Variant.Zusy.434303
TrendMicro: TROJ_GEN.R002C0WGS22
Sophos: Mal/Generic-S
GData: Gen:Variant.Zusy.434303
Jiangmin: TrojanSpy.Keylogger.jgp
Avira: HEUR/AGEN.1242849
Antiy-AVL: Trojan/Generic.ASMalwS.330C
Arcabit: Trojan.Zusy.D6A07F
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Spyware/Win.KeyLogger.R506708
McAfee: GenericRXAA-FA!F70588D3A48A
MAX: malware (ai score=87)
VBA32: TrojanSpy.KeyLogger
Malwarebytes: Malware.AI.659684166
TrendMicro-HouseCall: TROJ_GEN.R002C0WGS22
Rising: Spyware.Keylogger!8.12F (CLOUD)
Yandex: Trojan.Agent!s94zJMF01yc
Ikarus: Trojan.Win32.Turla
MaxSecure: Trojan.Malware.10375203.susgen
Fortinet: W32/PossibleThreat
BitDefenderTheta: Gen:NN.ZexaF.34582.qq2@aG6hyQci
AVG: Win32:DropperX-gen [Drp]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Zusy.434303?

Zusy.434303 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.