Malware

Zusy.435959 information

Malware Removal

The Zusy.435959 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Zusy.435959 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Exhibits behavior characteristic of Kibex Spyware/KeyBase Keylogger
  • Deletes executed files from disk
  • Created a service that was not started
  • Uses suspicious command line tools or Windows utilities

How to determine Zusy.435959?



File Info:

name: 62547F54B8029C8DF8E4.mlw
path: /opt/CAPEv2/storage/binaries/96837a8ab0db3a2670c221320aa01b901dff0ebeb3cb5bd07b6ff10c074e02cc
crc32: 762EC5F4
md5: 62547f54b8029c8df8e4f8107e9a5d54
sha1: 84b97c3a8009e80c3481fbc58999f6ea4167fe69
sha256: 96837a8ab0db3a2670c221320aa01b901dff0ebeb3cb5bd07b6ff10c074e02cc
sha512: 8a9b3c9dad4b1cdd1a7a4300009805056a406af4363d9ef56e64d9c2659c0a00f1d099588b8fb2ac0f2d1a6c70b101d5cf16fb20a5b8935dca124fce9c9db3a0
ssdeep: 49152:iKW6KaHtlG4mzqCEEb0CLA2o0i+8YYSHYMe+UvJ:nWjaHtlG4sq1Eb0CLYx+8YYge+UvJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AED59D13B75180F1C129117058BA1B35DB339E059EF0CAEBAB64FD79DD72281AE3721A
sha3_384: 2e5984c6c0821234ac9b826f4c219b0d28616bbfecc3d18781257f0d5d37dbd6c5991f6d3b9b2cb65de9474f7f101eaa
ep_bytes: 558bec6aff68f027580068a4284d0064
timestamp: 2021-03-29 14:48:39


Version Info:

FileVersion: 1.0.0.0
FileDescription: Windows 配置程序
ProductName: Windows 核心进程
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Zusy.435959 also known as:

BkavW32.AIDetect.malware1
tehtrisGeneric.Malware
MicroWorld-eScanGen:Variant.Zusy.435959
ClamAVWin.Keylogger.Deepscan-9640645-0
CAT-QuickHealRisktool.Flystudio.17324
McAfeeArtemis!94896903FA9E
CylanceUnsafe
ZillyaTrojan.Flyagent.Win32.718
SangforSuspicious.Win32.Save.ins
K7AntiVirusTrojan ( 005246d51 )
K7GWTrojan ( 005246d51 )
Cybereasonmalicious.4b8029
BaiduWin32.Trojan-Dropper.Agent.e
CyrenW32/QQhelper.C.gen!Eldorado
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Flyagent.NGX
APEXMalicious
CynetMalicious (score: 100)
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Zusy.435959
NANO-AntivirusTrojan.Win32.Zegost.jreafh
AvastWin32:TrojanX-gen [Trj]
TencentTrojan.Win32.Flyagent.16000183
Ad-AwareGen:Variant.Zusy.435959
EmsisoftGen:Variant.Zusy.435959 (B)
ComodoTrojWare.Win32.Agent.OSCF@5rs7jr
F-SecureTrojan.TR/Crypt.XPACK.Gen
DrWebTrojan.MulDrop16.36574
VIPREGen:Variant.Zusy.435959
McAfee-GW-EditionBehavesLike.Win32.Generic.vh
Trapminemalicious.high.ml.score
FireEyeGeneric.mg.62547f54b8029c8d
SophosGeneric ML PUA (PUA)
SentinelOneStatic AI – Malicious PE
GDataWin32.Trojan.Flyagent.A
JiangminHeur:Backdoor/PcClient
AviraTR/Crypt.XPACK.Gen
MAXmalware (ai score=82)
Antiy-AVLTrojan/Win32.FlyStudio.a
ArcabitTrojan.Zusy.D6A6F7
ZoneAlarmHEUR:Backdoor.Win32.Zegost.gen
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
GoogleDetected
AhnLab-V3Trojan/Win32.BHO.C23372
VBA32BScope.Trojan.Dynamer
ALYacGen:Variant.Zusy.435959
MalwarebytesTrojan.MalPack.FlyStudio
RisingBackdoor.Farfli!1.64B3 (CLASSIC)
YandexTrojan.Flyagent!e8NS/ImexdE
IkarusTrojan.Win32.FlyAgent
MaxSecureDropper.Dinwod.frindll
FortinetW32/CoinMiner.65CA!tr
BitDefenderThetaGen:NN.ZexaF.34698.Xs3@aWJ5TWbb
AVGWin32:TrojanX-gen [Trj]
CrowdStrikewin/malicious_confidence_70% (D)

How to remove Zusy.435959?

Zusy.435959 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment